Topic: | SQL injection in SCORM module |
Severity/Risk: | Minor |
Versions affected: | <1.8.11 and <1.9.7 |
Reported by: | Andrea Tuccia |
Issue no.: | MDL-20955 |
Solution: | upgrade to 1.8.11 or 1.9.7 |
Workaround: | none |
Description:
Andrea Tuccia discovered escaping issue when processing AICC CRS file (Course_Title). The problem is marked as minor because only trusted users are allow to upload SCORM packages.