PublicDate: 2006-09-14 10:07:00 UTC
Candidate: CVE-2006-4785
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4785
Description:
 SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier
 allows remote attackers to execute arbitrary SQL commands via the format
 parameter as stored in the $blogEntry variable, which is not properly
 handled by the insert_record function, which calls _adodb_column_sql in
 the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the
 data type to an int.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

upstream_moodle: released (1.6.2)
dapper_moodle: ignored (reached end-of-life)
edgy_moodle: not-affected (1.6.2-1ubuntu1.1)
feisty_moodle: not-affected (1.6.3-2ubuntu1)
gutsy_moodle: not-affected (1.8.2-1)
hardy_moodle: not-affected (1.8.2-1)
intrepid_moodle: not-affected (1.8.2-1)
jaunty_moodle: not-affected (1.8.2-1)
karmic_moodle: not-affected (1.8.2-1)
devel_moodle: not-affected (1.8.2-1)