CVE-2006-5219

Moodle 1.6.2 - SQL Injection via Double-Encoded Tag Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5219. PoCs published by disfigure.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Moodle 1.6.2 by injecting a malicious SQL query via the 'tag' parameter. The query extracts usernames, passwords, and emails from the database by leveraging UNION-based SQLi.

Description

SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by disfigure · textwebappsphp

https://www.exploit-db.com/exploits/28770

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Moodle 1.6.2 by injecting a malicious SQL query via the 'tag' parameter. The query extracts usernames, passwords, and emails from the database by leveraging UNION-based SQLi.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Moodle 1.6.2

No auth needed

Prerequisites: Access to the vulnerable Moodle instance · SQL injection vulnerability in the 'tag' parameter

MITRE ATT&CK