[VIM] Moodle issue - invalid vendor ack? and extra vulns

Steven M. Christey coley at mitre.org
Tue Sep 19 17:41:08 EDT 2006

Ref: BUGTRAQ:20060917 Sql injection in Moodle

Discloser says "Version 1.6.2 has been released (moodle.org)", which
seems to have been picked up by some VDBs.

But the Moodle changelog for 1.6.2 here:


does not provide sufficient details to match up with the original
disclosure, although it does cover "Undisclosed SQL
injections fixed by automatic data conversions in adodb layer" which
doesn't quite seem to fit.

It also mentions other security issues, but most of the items are
terse and some might be enhancements instead of vulns.

Has anybody investigated further?

- Steve

More information about the VIM mailing list