The Database module in Moodle prior to 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
moodle moodle
moodle moodle 1.6.0