Unrated severityNVD Advisory· Published Sep 14, 2006· Updated Jun 16, 2026
CVE-2006-4785
CVE-2006-4785
Description
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
11- secunia.com/advisories/21899nvdPatchThird Party Advisory
- www.securityfocus.com/bid/19995nvdPatchThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/20085nvdPatchThird Party AdvisoryVDB Entry
- docs.moodle.org/en/Release_notesnvdVendor Advisory
- securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.attrition.org/pipermail/vim/2006-September/001038.htmlnvdThird Party Advisory
- www.attrition.org/pipermail/vim/2006-September/001040.htmlnvdThird Party Advisory
- www.vupen.com/english/advisories/2006/3591nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/28904nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/29001nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/446227/100/0/threadednvd
News mentions
0No linked articles in our index yet.