CVE-2013-4313 - Vulnerability Details

Vendors	Products
Moodle	Moodle

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676
https://moodle.org/mod/forum/discuss.php?d=238396

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-16T10:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=238396"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4313", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676", "refsource": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"}, {"name": "https://moodle.org/mod/forum/discuss.php?d=238396", "refsource": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=238396"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.859Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=238396"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4313", "datePublished": "2013-09-16T10:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-09-17T03:14:06.533Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-09-16T10:00:00Z (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2013-4313 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

refsource : CONFIRM (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

}

1 : { »

name : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

refsource : CONFIRM (string)

url : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T16:38:01.859Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2013-4313 (string)

datePublished : 2013-09-16T10:00:00Z (string)

dateReserved : 2013-06-12T00:00:00Z (string)

dateUpdated : 2024-09-17T03:14:06.533Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F226B7E-09C3-4E84-97E2-2A1E030763CB", "versionEndIncluding": "2.2.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "54ED2D6B-48F7-444D-8EC7-C51719F970CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4E36C4AB-0599-40A3-BD80-4DDB1631A604", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A04348FF-A3BE-4063-A208-27C3E46B67EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2F95290-BFA3-470A-888C-E1896DD466F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC1ED608-B1D0-4FFF-B67F-69451C2526C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string."}, {"lang": "es", "value": "Moodle desde 2.2.11, 2.3.x anterior a 2.3.9, 2.4.x anterior a 2.4.6, y 2.5.x anterior a 2.5.2 no previene el uso de caracteres \"\\0\" en cadenas de busqueda lo que podr\u00eda permitir a atacantes remotos dirigir un ataque de inyecci\u00f3n SQL contra  Microsoft SQL Server a trav\u00e9s de una cadena manipulada"}], "id": "CVE-2013-4313", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-16T13:02:48.067", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=238396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=238396"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F226B7E-09C3-4E84-97E2-2A1E030763CB (string)

versionEndIncluding : 2.2.11 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 15A73CE2-73DA-4274-89E0-DD9A413ED17F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 39075F6E-2925-4897-B1DE-C86A066DF54B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 179DBC2B-B35F-4A19-B522-DF996D5E13E4 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : FA527724-B44E-46B6-BA53-A83B012EA376 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 31A8CAEA-CCCF-4678-B61E-0FFE439890DB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 25F99A03-DD94-4380-8E6B-C95D3A57D6EF (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 54ED2D6B-48F7-444D-8EC7-C51719F970CC (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 4E36C4AB-0599-40A3-BD80-4DDB1631A604 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:* (string)

matchCriteriaId : A04348FF-A3BE-4063-A208-27C3E46B67EF (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BFD575CF-2AF2-443F-841D-F7E25FBD455A (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC2A1954-E30F-40EC-BA59-40D29573E7D6 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 25EA194F-BE9D-49A8-AA35-FC7810C06643 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C3888D8-8219-4DE4-8E6C-84F58AFD3B15 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : E15AADAA-EFF5-4116-A683-D2B9824AA353 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : C917E5A8-ABE8-4F01-8580-329836CC2C55 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 70C08FF1-BAA7-4534-98E4-80231C25BC83 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 025832C9-F1A4-4935-892A-8868E401906E (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : D2F95290-BFA3-470A-888C-E1896DD466F3 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8E52813-E056-4A5C-8BF5-4DD5EF5BF041 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 62156008-2728-4207-AF60-E6330421D102 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 094DCC66-8C95-4DD6-B8DD-FB2D46A2A847 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D27EBAD4-F6F3-4E6A-8E42-EBB36655376D (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 93169BDD-4F0B-44C9-96C4-5BD0839A9BA4 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DC1ED608-B1D0-4FFF-B67F-69451C2526C0 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CD1B5B42-ECA9-4888-B18E-AD8D282311DB (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EF03304-032C-4E85-A802-7CDAC89216FA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. (string)

}

1 : { »

lang : es (string)

value : Moodle desde 2.2.11, 2.3.x anterior a 2.3.9, 2.4.x anterior a 2.4.6, y 2.5.x anterior a 2.5.2 no previene el uso de caracteres "\0" en cadenas de busqueda lo que podría permitir a atacantes remotos dirigir un ataque de inyección SQL contra Microsoft SQL Server a través de una cadena manipulada (string)

}

]

id : CVE-2013-4313 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-09-16T13:02:48.067 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=238396 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object