Moodle.org: MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

از Petr Skoda در سه‌شنبه، 3 نوامبر 2009، 4:09 AM

Topic:	Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability
Severity/Risk:	Critical (only servers using Oracle and MS SQL databases)
Versions affected:	<1.9.6
Reported by:	Sam Moffatt
Issue no.:	MDL-19452
Solution:	upgrade to latest weekly build or 1.9.6
Workaround:	none

Description:
Sam Moffatt discovered a potential problem in the way ADODB library is quoting special characters when the database engine is using Sybase style quoting.

Security announcements

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world