CVE-2010-1615 Information

Description

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module or (2) \data validation in some forms elements\ related to lib/form/selectgroups.php.

Reference

http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3 http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://moodle.org/security/ http://www.vupen.com/english/advisories/2010/1107