Hmmm, I currently work for a local computer company that offer a website penetration test service. When I first joined Moodle used to be considered a bit of a joke, all the guys (and one female, who to be honest looked like a guy) who worked within pen-testing just saw it as easy money to be honest. The particular vulnerability was due to unsanitised input within SQL queries if I remember correctly, however, I have never been required to work with Moodle myself so naturally my input on recent versions is severly limited and you should pay close attention to anyone who posts regarding more recent experience.
Remember, the vulnerability I mentioned was in older versions of Moodle and (as I have already stated ) I personally haven't had to deal with a single instance of Moodle being used since I arrived...I can however ask those in the know what the particular vulnerability was (remember this will only apply to older versions unless people have dealt with it recently) if you have a serious interest in the subject...(please don't make me do this, it requires emailing the most arrogant computer experts on the planet.)
Alternatively you could just search it yourself, I'm certain someone will have published some info somewhere for those willing to turn to the omnipotent diety known to use mere mortals as Google.
P.s. please forgive my spelling and grammar (even though i have proof-read this twice) I have no doubt they are appalling due to the vast amount of wine I have consumed... Twas' a glorious night.
"So this is how liberty dies; With thunderous applause..."