| Topic: | Ability to fill a database with invalid records through ratings |
| Severity: | Major |
| Versions affected: | < 2.0.3 (1.9.x not affected) |
| Reported by: | Sam Hemelryk |
| Issue no.: | MDL-26838 |
| Solution: | Upgrade to the latest version |
| Workaround: | None - please upgrade to the latest version as soon as possible |
Description:
It is possible if logged in as an authenticated user to generate invalid records within the rating table of the database, and if someone was intent on doing destruction they could write a script to spam the database.