| Topic: | sql injection in HotPot module |
| Severity: | Major |
| Versions affected: | <1.6.7, <1.7.5, <1.8.6, <1.9.2 |
| Reported by: | internal |
| Issue no.: | MDL-15184 |
| Solution: | upgrade to 1.6.7, 1.7.5, 1.8.6, 1.9.2 or any recent nightly or use patch http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2 |
Description:
We have discovered that Hotpot module code in report.php was vulnerable to sql injection attacks.