As you can see here: https://moodle.org/security/ (scroll down to MSA-18-0007) this was fixed in 3.1.12, so you just need to upgrade to that version.
You should register your site (https://docs.moodle.org/31/en/Site_registration). That way, you will get an email as soon as security fixes are released so you can upgrade your site before the details are made public.