Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the information stored in the log tables was not properly sanitized, which could allow attackers to inject arbitrary web code. It was discovered that certain input via the "Login as" function was not properly sanitised leading to the injection of arbitrary web script. Dmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update.