PublicDate: 2005-11-17 11:02:00 UTC
Candidate: CVE-2005-3648
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3648
Description:
 Multiple SQL injection vulnerabilities in the get_record function in
 datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL
 commands via the id parameter in (1) category.php and (2) info.php.
Ubuntu-Description: 
Notes: 
 jdstrand> 1.5.2 and earlier
Bugs: 
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

upstream_moodle: not-affected (1.5.3)
dapper_moodle: not-affected (1.5.3+20060108-1ubuntu1.1)
edgy_moodle: not-affected (1.6.2-1ubuntu1.1)
feisty_moodle: not-affected (1.6.3-2ubuntu1)
gutsy_moodle: released (1.8.2-1)
devel_moodle: released (1.8.2-1)