Description
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)
WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)
WordPress Plugin Video Embed & Thumbnail Generator Cross-Site Scripting (4.0.3)
WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)