[MDL-56298] CVE 2016-7919 - SQLi on Moodle installation (Latest Version) - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Won't Do
Affects Version/s: 3.1.2
Fix Version/s: None
Component/s: Installation
Labels:
- triaged

Affected Branches:
MOODLE_31_STABLE

Description

As has been shown, there is at least one parameter in installing Moodle in its latest version, which would still attacker implement SQL Inyection attacks, as can be seen in the attached link below. For our part we have already reported this vulnerability to CVE Mitre provisionally giving the CVE 2016-7919. During the day and all day tomorrow will proceed to give more details about this vulnerability as well as possible mitigation.

Link: https://www.youtube.com/watch?v=pQS1GdQ3CBc

Thanks.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: José Domingo Carrillo

Participants:: Dan Marsden, Dan Poltawski, José Domingo Carrillo, Marina Glancy, Matt Porritt

Component watchers:: Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 2 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 07/Oct/16 1:14 AM

Updated:: 02/Dec/22 7:54 AM

Resolved:: 02/Dec/22 7:54 AM