Although it has been reported that this issue is fixed in version 1.4.2 of the affected software, this is not confirmed. Please contact the vendor for more information. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Moodle contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the sql.php script in the glossary module does not properly verify user-supplied input and will allow an attacker to inject or manipulate SQL queries.
Upgrade to version 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.