Referenced CVEs:
CVE-2008-1502
Description:
===========================================================Ubuntu Security Notice USN-658-1 October 23, 2008moodle vulnerabilityCVE-2008-1502===========================================================A security issue affects the following Ubuntu releases:Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.10: moodle 1.8.2-1ubuntu2.1Ubuntu 8.04 LTS: moodle 1.8.2-1ubuntu4.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Lukasz Pilorz discovered that the HTML filtering used in Moodle was notstrict enough. A remote attacker could send malicious requests to Moodleand execute arbitrary code as the web server user.
More...