CVE-2006-4785 - OpenCVE

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.moodle.org/en/Release_notes#Moodle_1.6.2
http://secunia.com/advisories/21899
http://securitytracker.com/id?1016877
http://www.attrition.org/pipermail/vim/2006-September/001038.html
http://www.attrition.org/pipermail/vim/2006-September/001040.html
http://www.securityfocus.com/archive/1/446227/100/0/threaded
http://www.securityfocus.com/bid/19995
http://www.securityfocus.com/bid/20085
http://www.vupen.com/english/advisories/2006/3591
https://exchange.xforce.ibmcloud.com/vulnerabilities/28904
https://exchange.xforce.ibmcloud.com/vulnerabilities/29001

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-14T10:00:00

Updated: 2024-08-07T19:23:41.121Z

Reserved: 2006-09-13T00:00:00

Link: CVE-2006-4785

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-14T10:07:00.000

Modified: 2018-10-17T21:39:35.107

Link: CVE-2006-4785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "moodle-edit-sql-injection(29001)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29001"}, {"name": "19995", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19995"}, {"name": "21899", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21899"}, {"name": "20060619 Re: Moodle issue - invalid vendor ack? and extra vulns", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001040.html"}, {"name": "20060919 Moodle issue - invalid vendor ack? and extra vulns", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001038.html"}, {"name": "20085", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20085"}, {"name": "moodle-unspecified-sql-injection(28904)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28904"}, {"name": "20060917 Sql injection in Moodle", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/446227/100/0/threaded"}, {"name": "1016877", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016877"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"}, {"name": "ADV-2006-3591", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3591"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "moodle-edit-sql-injection(29001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29001"}, {"name": "19995", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19995"}, {"name": "21899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21899"}, {"name": "20060619 Re: Moodle issue - invalid vendor ack? and extra vulns", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2006-September/001040.html"}, {"name": "20060919 Moodle issue - invalid vendor ack? and extra vulns", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2006-September/001038.html"}, {"name": "20085", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20085"}, {"name": "moodle-unspecified-sql-injection(28904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28904"}, {"name": "20060917 Sql injection in Moodle", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446227/100/0/threaded"}, {"name": "1016877", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016877"}, {"name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2", "refsource": "CONFIRM", "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"}, {"name": "ADV-2006-3591", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3591"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:41.121Z"}, "title": "CVE Program Container", "references": [{"name": "moodle-edit-sql-injection(29001)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29001"}, {"name": "19995", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19995"}, {"name": "21899", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21899"}, {"name": "20060619 Re: Moodle issue - invalid vendor ack? and extra vulns", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001040.html"}, {"name": "20060919 Moodle issue - invalid vendor ack? and extra vulns", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001038.html"}, {"name": "20085", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20085"}, {"name": "moodle-unspecified-sql-injection(28904)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28904"}, {"name": "20060917 Sql injection in Moodle", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/446227/100/0/threaded"}, {"name": "1016877", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016877"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"}, {"name": "ADV-2006-3591", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3591"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4785", "datePublished": "2006-09-14T10:00:00", "dateReserved": "2006-09-13T00:00:00", "dateUpdated": "2024-08-07T19:23:41.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F20C403-413B-4474-8E4A-B6E0845F493C", "versionEndIncluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el blog/edit.php del Moodle 1.6.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro format como el almacenado en la variable $blogEntry, lo que no es correctamente manejado por la funci\u00f3n insert_record, lo que llama al _adodb_column_sql en la capa adodb (lib/adodb/adodb-lib.inc.php), y no convierte este tipo de datos a un entero (int)."}], "id": "CVE-2006-4785", "lastModified": "2018-10-17T21:39:35.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-14T10:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://secunia.com/advisories/21899"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1016877"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001038.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.attrition.org/pipermail/vim/2006-September/001040.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446227/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/19995"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20085"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3591"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28904"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29001"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}