Vulnerabilities > CVE-2006-4786 - Input Validation and Information Disclosure vulnerability in Moodle

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
moodle
nessus
NVD
Published: 2006-09-14
Updated: 2017-07-20

Summary

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

Vulnerable Configurations

Part Description Count
Application
Moodle
21

Nessus

NASL familyCGI abuses
NASL idMOODLE_162.NASL
descriptionThe installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application.
last seen2020-06-01
modified2020-06-02
plugin id22364
published2006-09-15
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22364
titleMoodle < 1.6.2 Multiple Vulnerabilities

References