Topic: | Ability to fill a database with invalid records through ratings |
Severity: | Major |
Versions affected: | < 2.0.3 (1.9.x not affected) |
Reported by: | Sam Hemelryk |
Issue no.: | MDL-26838 |
Solution: | Upgrade to the latest version |
Workaround: | None - please upgrade to the latest version as soon as possible |
Description:
It is possible if logged in as an authenticated user to generate invalid records within the rating table of the database, and if someone was intent on doing destruction they could write a script to spam the database.