| Topic: | Incorrect validation of forms data |
| Versions affected: | <1.8.12 and <1.9.8 |
| Reported by: | Sascha Herzog |
| Solution: | upgrade to 1.8.12 or 1.9.8 |
| Workaround: | apply patch http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=184.108.40.206&r2=220.127.116.11 or http://cvs.moodle.org/moodle/lib/form/select.php?r1=18.104.22.168&r2=22.214.171.124 |
Sascha Herzog discovered a SQL injection exploit in several forms. It was caused by incorrect data validation in some form elements.