VYPR
← All advisories
High severityNVD Advisory· Published Apr 29, 2010· Updated Apr 29, 2026

CVE-2010-1615

CVE-2010-1615

Description

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 1.8.0, < 1.8.121.8.12
moodle/moodlePackagist
>= 1.9.0, < 1.9.81.9.8

Affected products

18
  • Moodle/Moodle18 versions
    cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.