CVE-2008-6124

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Published: Feb 13, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6124
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
moodle / moodle	1.6	1.6.7
moodle / moodle	1.7	1.7.5
moodle / moodle	1.8	1.8.6
moodle / moodle	1.9	1.9.2
debian / debian_linux	4.0	4.0.x

http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2
http://moodle.org/mod/forum/discuss.php?d=101402
http://www.debian.org/security/2008/dsa-1691

Vulnerability Database

289,599

CVE-2008-6124