CVE-2010-1615: Moodle vulnerable to SQL injection

May 13, 2022 (updated April 12, 2025)

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) “data validation in some forms elements” related to lib/form/selectgroups.php.

References

github.com/advisories/GHSA-9xp2-5fr9-7mwm
github.com/moodle/moodle
nvd.nist.gov/vuln/detail/CVE-2010-1615

Code Behaviors & Features

Detect and mitigate CVE-2010-1615 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →