DescriptionMultiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs338592

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)

Search for package or bug name: Reporting problems