Description
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-16651)
WordPress Plugin Custom Tables 'key' Parameter Cross-Site Scripting (3.4.4)
WordPress Plugin EventCommerce WP Event Calendar Cross-Site Scripting (1.0)