| Topic: | SQL injection in SCORM module |
| Severity/Risk: | Minor |
| Versions affected: | <1.8.11 and <1.9.7 |
| Reported by: | Andrea Tuccia |
| Issue no.: | MDL-20955 |
| Solution: | upgrade to 1.8.11 or 1.9.7 |
| Workaround: | none |
Description:
Andrea Tuccia discovered escaping issue when processing AICC CRS file (Course_Title). The problem is marked as minor because only trusted users are allow to upload SCORM packages.