|Topic:||Incorrect validation of forms data|
|Versions affected:||<1.8.12 and <1.9.8|
|Reported by:||Sascha Herzog|
|Solution:||upgrade to 1.8.12 or 1.9.8|
|Workaround:||apply patch http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=18.104.22.168&r2=22.214.171.124 or http://cvs.moodle.org/moodle/lib/form/select.php?r1=126.96.36.199&r2=188.8.131.52|
Sascha Herzog discovered a SQL injection exploit in several forms. It was caused by incorrect data validation in some form elements.