CVE-2010-1615

Priority
Medium
Description
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and
1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands
via vectors related to (1) the add_to_log function in mod/wiki/view.php in
the wiki module, or (2) "data validation in some forms elements" related to
lib/form/selectgroups.php.
References
Notes
 kees> MSA-10-0006 http://tracker.moodle.org/browse/MDL-21818
Package
Upstream:released (1.9.8)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.9.9.dfsg2-2)
Patches:
Upstream:http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:38:27 UTC (commit 9756)