VYPR
High severity7.5OSV Advisory· Published Oct 28, 2016· Updated Jun 17, 2026

CVE-2016-7919

CVE-2016-7919

Description

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.

Affected products

3
  • Moodle/MoodleOSV3 versions
    v1.0.0, v1.0.1, v1.0.2, …+ 2 more
    • (no CPE)range: v1.0.0, v1.0.1, v1.0.2, …
    • cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*
    • (no CPE)range: <3.1.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.