Security Announcements

MSA-08-0010: SQL injection in HotPot module

 
 
Petr Skoda (Totara LMS)
Topic: SQL injection in HotPot module
Severity: Major
Versions affected: <1.6.7, <1.7.5, <1.8.6, <1.9.2
Reported by: internal
Issue no.: MDL-15184
Solution: upgrade to 1.6.7, 1.7.5, 1.8.6, 1.9.2 or any recent nightly, or use the patch at http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2

Description:

We have discovered that the HotPot module code in report.php was vulnerable to SQL injection attacks.