"Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote
attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1)
admin/utfdbmigrate.php or (2) filter.php."
Reported against 1.7.1 which is not currently in any FE repo; reporting here in
order to track/ask for confirmation whether 1.6.x in FC-5 and FC-6, and 1.7 in
devel are affected.
This bug has been patched in moodle 1.6.5, which is being released for FC 5 and
FC 6, and the files in question are completely gone in 1.8.0, which is being
released for FC 7.