  1. Moodle
  2. MDL-56298

CVE 2016-7919 - SQLi on Moodle installation (Latest Version)


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Won't Do
    • 3.1.2
    • None
    • Installation
    • MOODLE_31_STABLE

    Description

      As has been shown, there is at least one parameter in the installation of the latest version of Moodle which would still let an attacker implement SQL injection attacks, as can be seen in the link attached below. For our part, we have already reported this vulnerability to CVE Mitre, and it has provisionally been given CVE 2016-7919. During today and all day tomorrow we will proceed to give more details about this vulnerability, as well as possible mitigation.

      Link: https://www.youtube.com/watch?v=pQS1GdQ3CBc

      Thanks.


          People

            Unassigned
            0xd0m7 José Domingo Carrillo
            Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            Votes: 2
            Watchers: 9
