Security Announcements

 
 
Picture of Helen Foster
MSA-09-0031: SQL injection in SCORM module
 
Topic: SQL injection in SCORM module
Severity/Risk: Minor
Versions affected: <1.8.11 and <1.9.7
Reported by: Andrea Tuccia
Issue no.: MDL-20955
Solution: upgrade to 1.8.11 or 1.9.7
Workaround: none


Description:
Andrea Tuccia discovered escaping issue when processing AICC CRS file (Course_Title). The problem is marked as minor because only trusted users are allow to upload SCORM packages.