CVE-2008-6124: SQL Injection
First published: Fri Feb 13 2009(Updated: )
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=1.6<1.6.7 | |
| Moodle Moodle | >=1.7<1.7.5 | |
| Moodle Moodle | >=1.8<1.8.6 | |
| Moodle Moodle | >=1.9<1.9.2 | |
| Debian Debian Linux | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/1.6
- version/moodle moodle/1.7
- version/moodle moodle/1.8
- version/moodle moodle/1.9
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/4.0