PT-2016-7433 · Moodle · Moodle

José Domingo Carrillo · Published 2016-10-28 · Updated 2024-08-06 · CVE-2016-7919

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Moodle version 3.1.2

Description

The issue allows remote attackers to obtain sensitive information via unspecified vectors, related to a SQL Injection issue affecting the Administration panel function in the installation process component. The vendor disputes the relevance of this report, noting that the person installing Moodle must know database access credentials and they can access the database directly, thus there is no need for them to create a SQL injection in one of the installation dialogue fields.

Recommendations

For Moodle version 3.1.2, consider restricting access to the Administration panel function in the installation process component to minimize the risk of exploitation. As a temporary workaround, avoid using the installation dialogue fields that may be vulnerable to SQL injection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2016-7919

Affected Products

Moodle