CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
79.9%
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier
allows remote attackers to execute arbitrary SQL commands via the format
parameter as stored in the $blogEntry variable, which is not properly
handled by the insert_record function, which calls _adodb_column_sql in the
adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data
type to an int.