Description

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Remediation

References

CVE-2008-6124

Related Vulnerabilities

Oracle HTTP Server CVE-2016-0671 Vulnerability (CVE-2016-0671)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (5.3.6)

WordPress Plugin Gallery Objects SQL Injection (0.4)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16862)

WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)

Severity

High

Classification

CVE-2008-6124 CWE-138

Tags

Missing Update Known Vulnerabilities