|Topic:||Incorrect validation of forms data|
|Versions affected:||<1.8.12 and <1.9.8|
|Reported by:||Sascha Herzog|
|Solution:||upgrade to 1.8.12 or 1.9.8|
|Workaround:||apply patch http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=126.96.36.199&r2=188.8.131.52 or http://cvs.moodle.org/moodle/lib/form/select.php?r1=184.108.40.206&r2=220.127.116.11|
Sascha Herzog discovered a SQL injection exploit in several forms. It was caused by incorrect data validation in some form elements.