CVE-2010-1615

Priority
Medium
Description
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and
1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands
via vectors related to (1) the add_to_log function in mod/wiki/view.php in
the wiki module, or (2) "data validation in some forms elements" related to
lib/form/selectgroups.php.
References
Notes
kees> MSA-10-0006 http://tracker.moodle.org/browse/MDL-21818
Package
Upstream:released (1.9.8)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-2)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.9.9.dfsg2-2)
Ubuntu 13.04 (Raring Ringtail):not-affected (1.9.9.dfsg2-2)
Ubuntu 13.10 (Saucy Salamander):not-affected (1.9.9.dfsg2-2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.9.9.dfsg2-2)
Patches:
Upstream:http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:06 UTC (commit 7585)