[VIM] Moodle issue - invalid vendor ack? and extra vulns
Steven M. Christey
coley at mitre.org
Tue Sep 19 17:41:08 EDT 2006
Ref: BUGTRAQ:20060917 Sql injection in Moodle
http://www.securityfocus.com/archive/1/archive/1/446227/100/0/threaded

Discloser says "Version 1.6.2 has been released (moodle.org)", which
seems to have been picked up by some VDBs.

But the Moodle changelog for 1.6.2 here:

http://docs.moodle.org/en/Release_notes#Moodle_1.6.2

does not provide sufficient details to match up with the original
disclosure, although it does cover "Undisclosed SQL
injections fixed by automatic data conversions in adodb layer" which
doesn't quite seem to fit.

It also mentions other security issues, but most of the items are
terse and some might be enhancements instead of vulns.

Has anybody investigated further?

- Steve