Vulnerabilities > CVE-2006-4786 - Unspecified vulnerability in Moodle
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN moodle
nessus
Summary
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | MOODLE_162.NASL |
| description | The installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22364 |
| published | 2006-09-15 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22364 |
| title | Moodle < 1.6.2 Multiple Vulnerabilities |
References
- http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2
- http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2
- http://secunia.com/advisories/21899
- http://secunia.com/advisories/21899
- http://www.securityfocus.com/bid/19995
- http://www.securityfocus.com/bid/19995
- http://www.vupen.com/english/advisories/2006/3591
- http://www.vupen.com/english/advisories/2006/3591
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28903
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28903