| Topic: | Stored SQL Injection in calendar |
| Severity/Risk: | Serious |
| Versions affected: | 1.9 to 1.9.17+ |
| Reported by: | Simon Coggins |
| Issue no.: | MDL-31746 |
|
CVE Identifier: |
CVE-2012-2363 |
| Changes (1.9): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_19_STABLE&st=commit&s=MDL-31746 |
Description:
It was possible to include unfiltered information when adding a calendar event that was stored in the database.