Description

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

Remediation

References

CVE-2010-1615

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2012-1618)

WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6)

WordPress Other Vulnerability (CVE-2006-3389)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.8.11)

WordPress Plugin Abstract Submission Local File Inclusion (0.6)

Severity

High

Classification

CVE-2010-1615 CWE-138

Tags

Missing Update Known Vulnerabilities