VDB

GCVE-110-MAGEIA-2013-280

GCVE-110-MAGEIA-2013-280
Advisory Published
Vulnetix · Advisory published September 19, 2013
Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver (CVE-2013-4313). Links to external blogs were not being adequately cleaned in Moodle before 2.4.6, potentially allowing for XSS attacks (CVE-2013-4341).

Affected Products

VendorProductVersionsPlatforms
Mageiamoodle0 (affected), 2.4.6-1.mga3 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›