Moodle < 1.9.6 / 1.8.10 Multiple Vulnerabilities

medium Nessus Plugin ID 47128

Synopsis

The remote web server hosts a web application that is affected by multiple vulnerabilities.

Description

The version of Moodle installed on the remote host is prior to 1.9.6 / 1.8.10. It is, therefore, affected by multiple vulnerabilities :

- Email addresses are not escaped properly in email change confirmation codes. (MDL-20295)

- When upgrading from a version older than 1.9.0, certain tags are not properly escaped. (MDL-19709)

- It may be possible for certain teachers to perform SQL injection attacks while updating the first post in a single simple discussion forum. (MDL-20555)

- Function 'update_record' is affected by a SQL injection issue. A registered user could exploit this issue to manipulate database queries, resulting in disclosure of sensitive information or attacks against the underlying database. (MDL-20309)

- It may be possible for teachers to view student grades in all courses even though they do not have teacher rights for the course in an overview report. (MDL-20355)

- An error in ADODB OCI8/MSSQL drivers could allow SQL injection (only servers using Oracle and MS SQL databases are affected).(MDL-19452)

Solution

Upgrade to Moodle 1.9.6 / 1.8.10 or later.

See Also

http://docs.moodle.org/en/Moodle_1.9.6_release_notes#Security_issues

http://docs.moodle.org/en/Moodle_1.8.10_release_notes

Plugin Details

Severity: Medium

ID: 47128

File Name: moodle_196.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 6/24/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Required KB Items: www/PHP, installed_sw/Moodle

Patch Publication Date: 10/21/2009

Vulnerability Publication Date: 10/21/2009