Candidate: CVE-2013-4313
PublicDate: 2013-09-16 13:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4313
 https://moodle.org/mod/forum/discuss.php?d=238396
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676
Description:
 Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x
 before 2.5.2 does not prevent use of '\0' characters in query strings,
 which might allow remote attackers to conduct SQL injection attacks
 against Microsoft SQL Server via a crafted string.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_moodle:
upstream_moodle: released (2.5.2-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.2-1)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: not-affected (2.5.4-1ubuntu1)
vivid_moodle: not-affected (2.5.4-1ubuntu1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.4-1ubuntu1)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: not-affected (2.5.4-1ubuntu1)
zesty_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)