TotalChoice Hosting Family Forums > Moodle Multiple Vulnerabilities

Full Version: Moodle Multiple Vulnerabilities

TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions > Software/Scripts/Other Alerts

TCH-Thomas

Sep 13 2006, 09:22 AM

From Secunia:

Description:
Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to disclose potentially sensitive information, and conduct cross-site scripting and SQL injection attacks.

1) Certain information can be disclosed from scheduled backups and via help.php.

2) Some unspecified input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Some unspecified input passed in doc/index.php and files/index.php isn't properly sanitised before being returned to the user. This may be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities have been reported in version 1.6.1. Prior versions may also be affected.

Other security related issues have also been reported.

Solution:
Update to version 1.6.2.
http://download.moodle.org/

TCH-Bruce

Sep 13 2006, 10:27 AM

Thanks Thomas

TCH-Don

Sep 13 2006, 04:16 PM

Thanks Thomas.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.