Topic: Incorrect validation of forms data
Severity/Risk: Critical
Versions affected: <1.8.12 and <1.9.8
Reported by: Sascha Herzog
Issue no.: MDL-21767
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3 or http://cvs.moodle.org/moodle/lib/form/select.php?r1=1.10.4.2&r2=1.10.4.3
Description:
Sascha Herzog discovered a SQL injection exploit in several forms; it was caused by incorrect data validation in some form elements.
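
The following PHP example is added here for illustration. It is not Moodle's code and not the linked patch. It shows server-side allow-list validation for select and grouped-select values, on the assumption that the validation gap was accepting submitted values that the element never offered. The function names and sample data are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; this is not Moodle's API.

/**
 * Collect the option values a select element actually offered.
 * $options is either value => label (plain select) or
 * group label => [value => label, ...] (grouped select).
 */
function offered_values(array $options): array {
    $values = [];
    foreach ($options as $key => $item) {
        if (is_array($item)) {
            // Grouped select: the key is only a group label, not a value.
            foreach (array_keys($item) as $value) {
                $values[] = (string)$value;
            }
        } else {
            $values[] = (string)$key;
        }
    }
    return $values;
}

/**
 * Keep only submitted values that were offered; drop everything else.
 * Returns null when no valid value was submitted.
 */
function export_select_value(array $options, $submitted, bool $multiple = false) {
    $allowed = offered_values($options);
    $clean = [];
    foreach ((array)$submitted as $value) {
        // Nested arrays or objects are never valid option values.
        if (is_scalar($value) && in_array((string)$value, $allowed, true)) {
            $clean[] = (string)$value;
        }
    }
    if ($clean === []) {
        return null;
    }
    return $multiple ? $clean : $clean[0];
}

// Constructed sample data.
$plain   = ['1' => 'Course A', '2' => 'Course B'];
$grouped = ['Science' => ['10' => 'Physics'], 'Arts' => ['20' => 'Music']];

var_dump(export_select_value($plain, '2'));                       // an offered value
var_dump(export_select_value($plain, "2'x"));                     // a value that was never offered
var_dump(export_select_value($grouped, ['20', 'Science'], true)); // offered value plus a group label
```

Values that pass this check should still reach the database only through bound query parameters.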