Vulnerabilities > CVE-2006-4784 - Input Validation and Information Disclosure vulnerability in Moodle

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
moodle
nessus
NVD
Published: 2006-09-14
Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

Vulnerable Configurations

Part Description Count
Application
Moodle
21

Nessus

NASL familyCGI abuses
NASL idMOODLE_162.NASL
descriptionThe installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application.
last seen2020-06-01
modified2020-06-02
plugin id22364
published2006-09-15
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22364
titleMoodle < 1.6.2 Multiple Vulnerabilities

References