Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66157

SQL Injection and Path Transversal

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.6.2, 3.7, 3.7.1
    • Fix Version/s: None
    • Component/s: Database SQL/XMLDB
    • Labels:
      None
    • Affected Branches:
      MOODLE_36_STABLE, MOODLE_37_STABLE

      Description

      Hi Moodle Team,

      I have installed Moodle 3.7.x from github. Before to public it, I did a test with OWASP-ZAP 2.7.0 and I found two high level issues. The first is a SQL Injection and the second a Path Transversal.

      The log file to see what I found is: https://drive.google.com/file/d/1RlN-7Eqt-W3ysvdeIz-YssPnJlIPAjtI/view?usp=sharing

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: