Updated moodle package fixes multiple security vulnerabilitiesPublication date: 19 Sep 2013
Affected Mageia releases : 3
CVE: CVE-2013-4313 , CVE-2013-4341
Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle's SQL Server driver (CVE-2013-4313). Links to external blogs were not being adequately cleaned in Moodle before 2.4.6, potentially allowing for XSS attacks (CVE-2013-4341).