Moodle.org: MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

◄ MSA-09-0020: Teachers can view students' grades in all courses in the overview report
MSA-09-0022: Multiple CSRF problems fixed ►

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

by Petr Skoda - Tuesday, 3 November 2009, 4:09 AM

Topic:	Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability
Severity/Risk:	Critical (only servers using Oracle and MS SQL databases)
Versions affected:	<1.9.6
Reported by:	Sam Moffatt
Issue no.:	MDL-19452
Solution:	upgrade to latest weekly build or 1.9.6
Workaround:	none

Description:
Sam Moffatt discovered a potential problem in the way ADODB library is quoting special characters when the database engine is using Sybase style quoting.

◄ MSA-09-0020: Teachers can view students' grades in all courses in the overview report
MSA-09-0022: Multiple CSRF problems fixed ►

Security announcements

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world