Family: CGI abuses --> Category: infos
Moodle < 1.6.2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Checks if Moodle's jumpto.php requires a sesskey
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple vulnerabilities.
Description :
The installed version of Moodle fails to sanitize user-supplied input
to a number of parameters and scripts. An attacker may be able to
leverage these issues to launch SQL injection and cross-site scripting
attacks against the affected application.
See also :
http://www.securityfocus.com/archive/1/446227/30/0/threaded
http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2
Solution :
Upgrade to Moodle version 1.6.2 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)