Vulnerability Description
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 1.6, < 1.6.7 |
| Debian | Debian Linux | 4.0 |
Related Weaknesses (CWE)
References
- http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2ExploitVendor Advisory
- http://moodle.org/mod/forum/discuss.php?d=101402PatchVendor Advisory
- http://www.debian.org/security/2008/dsa-1691Third Party Advisory
- http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2ExploitVendor Advisory
- http://moodle.org/mod/forum/discuss.php?d=101402PatchVendor Advisory
- http://www.debian.org/security/2008/dsa-1691Third Party Advisory
FAQ
What is CVE-2008-6124?
CVE-2008-6124 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allo...
How severe is CVE-2008-6124?
CVE-2008-6124 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6124?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Debian Debian Linux.