| Topic: | Incorrect escaping when updating first post in a single simple discussion forum type |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6, <1.8.10 |
| Reported by: | Nicola Vitacolonna |
| Issue no.: | MDL-20555 |
| Solution: | upgrade to the latest weekly build or 1.9.6 |
| Workaround: | none |
Description:
Nicola Vitacolonna discovered that the forum introduction is incorrectly escaped when editing the first post of a single simple discussion forum. This can potentially lead to SQL injection attacks by teachers. Students cannot exploit this problem.