Bug 232103 (CVE-2007-1429)

Summary: CVE-2007-1429: moodle 1.7.1 remote file inclusion
Product: [Fedora] Fedora Reporter: Ville Skyttä <ville.skytta>
Component: moodleAssignee: Jerry James <loganjerry>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-15 22:21:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2007-03-13 21:16:47 UTC 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1429

"Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote
attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1)
admin/utfdbmigrate.php or (2) filter.php."

Reported against 1.7.1 which is not currently in any FE repo; reporting here in
order to track/ask for confirmation whether 1.6.x in FC-5 and FC-6, and 1.7 in
devel are affected.
Comment 1 Jerry James 2007-04-15 22:21:50 UTC 
This bug has been patched in moodle 1.6.5, which is being released for FC 5 and
FC 6, and the files in question are completely gone in 1.8.0, which is being
released for FC 7.