Moodle < 1.6.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3742


The remote web server is hosting a web application that is vulnerable to multiple attack vectors.


The remote host is running Moodle, an open-source content-management system written in PHP. This version of Moodle is vulnerable to a SQL injection flaw, a cross-site scripting flaw, and an information disclosure flaw. To exploit these flaws, an attacker only needs to be able to send malformed HTTP requests to the server. Successful exploitation would result in arbitrary SQL command execution on the remote database server, code execution within client browsers, or disclosure of information useful in future attacks.


Upgrade to version 1.6.2 or higher.

Plugin Details

Severity: High

ID: 3742

Family: CGI

Published: 2006/09/14

Modified: 2016/11/23

Dependencies: 8683

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2006/09/12

Vulnerability Publication Date: 2006/09/12

Reference Information

CVE: CVE-2006-4786, CVE-2006-4784, CVE-2006-4785

BID: 19995