Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2006-0146 - Vulnerability Database
Moodle

Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2006-0146

High
Reference: CVE-2006-0146
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2006-0146
Title: Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

The server.php test script in ADOdb for PHP before 4.70 as used in multiple products including (1) Mantis (2) PostNuke (3) Moodle (4) Cacti (5) Xaraya (6) PHPOpenChat (7) MAXdev MD-Pro and (8) MediaBeez when the MySQL root password is empty allows remote attackers to execute arbitrary SQL commands via the sql parameter.