CVE-2004-2232
Description
SQL injection in Moodle Glossary module sql.php allows remote attackers to modify SQL statements in Moodle 1.4.1 and earlier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An SQL injection vulnerability exists in the sql.php file of the Glossary module in Moodle versions 1.4.1 and earlier [1]. The vulnerability arises because user-supplied input is not properly sanitized before being incorporated into SQL queries, allowing an attacker to inject arbitrary SQL commands [2].
Exploitation
A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to the sql.php script. No authentication is required, and the attacker can manipulate parameters to inject malicious SQL code [1][2].
Impact
Successful exploitation allows the attacker to modify SQL statements, potentially leading to unauthorized access to or modification of database contents, including user data and course information [1].
Mitigation
The vulnerability is fixed in Moodle 1.4.2 and later versions [2]. Users should upgrade to a patched release immediately. No workarounds are documented in the available references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*
- (no CPE) range: <=1.4.1
Patches
No patches discovered yet.
References: 6
News mentions: 0. No linked articles in our index yet.