ID de Prueba:	1.3.6.1.4.1.25623.1.0.800766
Categoría:	Web application abuses
Título:	Moodle Multiple Vulnerabilities
Resumen:	Moodle is prone to multiple vulnerabilities.
Descripción:	Summary: Moodle is prone to multiple vulnerabilities. Vulnerability Insight: - Input data passed to add_to_log()function in wiki module in 'mod/wiki/view.php' and 'lib/form/selectgroups.php' is not properly sanitised before being used in SQL query - Error in 'user/view.php', which fails to check role - Error in 'phpCAS client library', allows remote attackers to inject arbitrary web script or HTML via a crafted URL - Error in 'fix_non_standard_entities' function in the 'KSES HTML text cleaning library', allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Affected Software/OS: Moodle version 1.8.x prior to 1.8.12, 1.9.x prior to 1.9.8. Solution: Update to version 1.8.12, 1.9.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1614 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.vupen.com/english/advisories/2010/1107 Common Vulnerability Exposure (CVE) ID: CVE-2010-1615 Common Vulnerability Exposure (CVE) ID: CVE-2010-1617 Common Vulnerability Exposure (CVE) ID: CVE-2010-1618 Common Vulnerability Exposure (CVE) ID: CVE-2010-1619
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.