lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Sep 2006 10:18:48 +0430 From: "Omid" <omid@...kers.ir> To: <bugtraq@...urityfocus.com> Subject: Sql injection in Moodle Hi, There is a sql injection in Moodle 1.6.1+ (and maybe before versions) : The "$blogEntry" parameter passed to "insert_record()" function in /blog/edit.php, is not checked properly . Version 1.6.2 has been released (moodle.org). - Omid