Topic: | SQL injection in update_record |
Severity/Risk: | Critical |
Versions affected: | <1.9.6, <1.8.10, 1.7.x |
Reported by: | Georg-Christian Pranschke |
Issue no.: | MDL-20309 |
Solution: | upgrade to latest weekly builds, 1.9.6 or 1.8.10 |
Workaround: | apply patches: |
Description:
Georg-Christian Pranschke discovered a serious problem in update_record function. This problem may allow any registered user to exploit several different scripts.