CVE-2010-1615
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.
| Software | From | Fixed in |
|---|---|---|
moodle / moodle
|
1.9.4 | 1.9.4.x |
|
moodle / moodle
|
1.9.1 | 1.9.1.x |
|
moodle / moodle
|
1.8.8 | 1.8.8.x |
|
moodle / moodle
|
1.9.6 | 1.9.6.x |
|
moodle / moodle
|
1.8.2 | 1.8.2.x |
|
moodle / moodle
|
1.9.2 | 1.9.2.x |
|
moodle / moodle
|
1.8.6 | 1.8.6.x |
|
moodle / moodle
|
1.8.5 | 1.8.5.x |
|
moodle / moodle
|
1.8.3 | 1.8.3.x |
|
moodle / moodle
|
1.8.9 | 1.8.9.x |
|
moodle / moodle
|
1.8.7 | 1.8.7.x |
|
moodle / moodle
|
1.8.10 | 1.8.10.x |
|
moodle / moodle
|
1.9.3 | 1.9.3.x |
|
moodle / moodle
|
1.9.5 | 1.9.5.x |
|
moodle / moodle
|
1.8.11 | 1.8.11.x |
|
moodle / moodle
|
1.8.4 | 1.8.4.x |
|
moodle / moodle
|
1.8.1 | 1.8.1.x |
|
moodle / moodle
|
1.9.7 | 1.9.7.x |
- http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3
- http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- http://moodle.org/security/
- http://www.vupen.com/english/advisories/2010/1107
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime