CVE-2012-3395

Name of the Vulnerable Software and Affected Versions Moodle versions 2.0.x through 2.0.9 Moodle versions 2.1.x through 2.1.6 Moodle versions 2.2.x through 2.2.3

Description The issue allows remote authenticated users to execute arbitrary SQL commands via crafted form data. This is a result of a SQL injection vulnerability in the mod/feedback/complete.php file.

Recommendations For Moodle versions 2.0.x through 2.0.9, update to version 2.0.10 or later. For Moodle versions 2.1.x through 2.1.6, update to version 2.1.7 or later. For Moodle versions 2.2.x through 2.2.3, update to version 2.2.4 or later.