Topic: | sql injection in HotPot module |
Severity: | Major |
Versions affected: | <1.6.7, <1.7.5, <1.8.6, <1.9.2 |
Reported by: | internal |
Issue no.: | MDL-15184 |
Solution: | upgrade to 1.6.7, 1.7.5, 1.8.6, 1.9.2 or any recent nightly or use patch http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2 |
Description:
We have discovered that Hotpot module code in report.php was vulnerable to sql injection attacks.