Topic: | Stored SQL Injection in calendar |
Severity/Risk: | Serious |
Versions affected: | 1.9 to 1.9.17+ |
Reported by: | Simon Coggins |
Issue no.: | MDL-31746 |
CVE Identifier: |
CVE-2012-2363 |
Changes (1.9): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_19_STABLE&st=commit&s=MDL-31746 |
Description:
It was possible to include unfiltered information when adding a calendar event that was stored in the database.