Description

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Remediation

References

CVE-2008-6124

Related Vulnerabilities

SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)

WordPress Plugin ThinkTwit Cross-Site Scripting (1.7.0)

WordPress Plugin VR Calendar Cross-Site Request Forgery (2.3.3)

Apache Tomcat Other Vulnerability (CVE-2002-0935)

MySQL CVE-2015-4737 Vulnerability (CVE-2015-4737)

Severity

High

Classification

CVE-2008-6124 CWE-138

Tags

Missing Update Known Vulnerabilities