Similar hacks have been discussed here: http://moodle.org/mod/forum/discuss.php?d=111710#p490453 Affected sites seem to be all running PHP with register_global turned on, which is a really bad idea and not recommended by Moodle.