CVE-2008-6124

{"id": "CVE-2008-6124", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-02-13T01:30:00.267", "references": [{"url": "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://moodle.org/mod/forum/discuss.php?d=101402", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1691", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://moodle.org/mod/forum/discuss.php?d=101402", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2008/dsa-1691", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n hotpot_delete_selected_attempts en report.php en el m\u00f3dulo the HotPot en Moodle v1.6 anteriores a 1.6.7, v1.7 anteriores a v1.7.5, v1.8 anteriores v1.8.6, y v1.9 anteriores a v1.9.2 permite a los atacantes ejecutar arbitrariamente comandos SQL a trav\u00e9s de un intento seleccionado manipulado."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B069A088-482B-424F-995B-844F0B1B5102", "versionEndExcluding": "1.6.7", "versionStartIncluding": "1.6"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1667DFC8-BB76-4DB0-A188-BB5E283CB120", "versionEndExcluding": "1.7.5", "versionStartIncluding": "1.7"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA0C31E-23A6-49BA-8E42-E1E091CE253F", "versionEndExcluding": "1.8.6", "versionStartIncluding": "1.8"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE959BE-2238-4651-B154-41CB8857DE89", "versionEndExcluding": "1.9.2", "versionStartIncluding": "1.9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}