-
Bug
-
Resolution: Won't Do
-
Minor
-
None
-
3.1.2
-
MOODLE_31_STABLE
As has been shown, there is at least one parameter in installing Moodle in its latest version, which would still attacker implement SQL Inyection attacks, as can be seen in the attached link below. For our part we have already reported this vulnerability to CVE Mitre provisionally giving the CVE 2016-7919. During the day and all day tomorrow will proceed to give more details about this vulnerability as well as possible mitigation.
Link: https://www.youtube.com/watch?v=pQS1GdQ3CBc
Thanks.