Description
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chained Quiz Multiple Cross-Site Scripting Vulnerabilities (0.9.8)
Oracle Database Server CVE-2011-0806 Vulnerability (CVE-2011-0806)
WordPress Plugin wpForo Forum Open Redirect (1.9.6)
WordPress Plugin A2 Optimized WP Information Disclosure (2.0.10.8)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2079)