| Topic: | Incorrect escaping when updating first post in a single simple discussion forum type |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6, <1.8.10 |
| Reported by: | Nicola Vitacolonna |
| Issue no.: | MDL-20555 |
| Solution: | Upgrade to latest weekly build or 1.9.6 |
| Workaround: | None |

Description:
Nicola Vitacolonna discovered that the forum introduction is incorrectly escaped when editing the first post of a single simple discussion forum. This can potentially lead to SQL injection attacks by teachers. Students cannot exploit this problem.