Moodle / MDL-56298

CVE 2016-7919 - SQLi on Moodle installation (Latest Version)


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Minor
    • None
    • 3.1.2
    • Installation
    • MOODLE_31_STABLE

      As has been shown, there is at least one parameter in the installation of Moodle, in its latest version, which would still let an attacker carry out SQL injection attacks, as can be seen in the attached link below. For our part, we have already reported this vulnerability to CVE Mitre, provisionally giving the CVE 2016-7919. During the day and all day tomorrow we will proceed to give more details about this vulnerability, as well as possible mitigation.

      Link: https://www.youtube.com/watch?v=pQS1GdQ3CBc

      Thanks.

            Assignee: Unassigned
            Reporter: 0xd0m7 José Domingo Carrillo
            Votes: 2
            Watchers: 9
