Unrated severityNVD Advisory· Published Nov 17, 2005· Updated Jun 16, 2026

CVE-2005-3648

Description

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Moodle/Moodle2 versions
cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*
- (no CPE)range: <=1.5.2

Patches

Vulnerability mechanics

Root cause

"Missing input sanitization of the `id` parameter before passing it to the `get_record()` function in `datalib.php` allows SQL injection."

Attack vector

An attacker sends a crafted HTTP GET request to either `course/category.php` or `course/info.php` with a malicious `id` parameter containing SQL injection payloads. When `magic_quotes_gpc` is off, the unsanitized `id` value flows into the `get_record()` function in `datalib.php`, allowing the attacker to execute arbitrary SQL commands such as `UNION SELECT ... INTO DUMPFILE` to write a web shell to the filesystem [ref_id=1].

Affected code

The `get_record` function in `datalib.php` is the vulnerable code path. The `id` parameter in `course/category.php` and `course/info.php` is passed unsanitized to this function, enabling SQL injection [ref_id=1].

What the fix does

The advisory states that Moodle 1.6dev (the development branch) is not vulnerable to the category.php and info.php attacks, implying that input sanitization was added to the `get_record()` call path in that version. No patch diff is provided in the bundle; the remediation is to upgrade to a version where the `id` parameter is properly sanitized before being passed to `get_record()` [ref_id=1].

Preconditions

configmagic_quotes_gpc must be Off
networkAttacker must be able to send HTTP GET requests to the Moodle instance
configThe target must be Moodle 1.5.2 or earlier (or 1.6dev for the plot.php variant)

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

secunia.com/advisories/17526/nvdPatchVendor Advisory
rgod.altervista.org/moodle16dev.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/15380/nvdExploit
marc.infonvd
osvdb.org/20748nvd
securitytracker.com/idnvd
www.vupen.com/english/advisories/2005/2387nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23058nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000