Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moodle < 1.4.3 Glossary Module SQLi

High

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running a version of the Moodle suite, an open-source course management system written in PHP, that is older than version 1.4.3. The remote version of this software is vulnerable to a SQL injection issue in the 'glossary' module due to a lack of user input sanitization.

Solution

Upgrade to Moodle 1.4.3 or higher.