Description

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Remediation

References

CVE-2008-6124

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20186)

WordPress Plugin WooCommerce Security Bypass (4.6.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2081)

MongoDb Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4650)

ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498)

Severity

High

Classification

CVE-2008-6124 CWE-138

Tags

Missing Update Known Vulnerabilities