Best practice forum (Archived)

CRITICAL MOODLE VULNERABILITY COULD LEAD TO SERVER COMPROMISE

 
? ?
CRITICAL MOODLE VULNERABILITY COULD LEAD TO SERVER COMPROMISE
بواسطة Wednesday, 22 March 2017, 7:02 AM - ? ?
 

Hi,

I have read the information on the Internet I have also provided URL. Whether totara will have any impact on this?

A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server its running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the University of Oxford, and Stanford University, use the service to provide students with course outlines, grades, and other personal data. The issue–at its root a SQL injection vulnerability–could be used by an attacker to execute PHP code on a university’s server according to Netanel Rubin, the researcher who found the bug.

https://threatpost.com/critical-moodle-vulnerability-could-lead-to-server-compromise/124446/


Sam Hemelryk
Re: CRITICAL MOODLE VULNERABILITY COULD LEAD TO SERVER COMPROMISE
بواسطة Wednesday, 22 March 2017, 1:06 PM - Sam Hemelryk
مجموعة Totara

Hi Ramakrishnan S,

Thanks for raising this topic.
We're currently getting a lot of questions about this exploit and whether it affects Totara.
I've started a thread in the General discussions forum to share about this exploit and on which we can discuss and answer any questions.

https://totara.community/mod/forum/discuss.php?d=12082

Have a read of the first post and if you have any questions please ask them there.

Kind regards
Sam Hemelryk