Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2016-7919

DISPUTED Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors related to a quotSQL Injectionquot issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report noting that quotthe person who is installing Moodle must know database access credentials and they can access the database directly there is no need for them to create a SQL injection in one of the installation dialogue fields.quot