Moodle 1.6.1+ and possibly prior versions are vulnerable to an SQL injection flaw in /blog/edit.php.
Hi,
There is an SQL injection in Moodle 1.6.1+ (and maybe
earlier versions):
The "$blogEntry" parameter passed to the "insert_record()"
function in /blog/edit.php is not checked properly.
Version 1.6.2 has been released (moodle.org).
- Omid