vulnerability

Moodle: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2022-0983)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	2022-03-25	2022-04-01	2023-11-08

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

2022-03-25

Added

2022-04-01

Modified

2023-11-08

Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

Solution(s)

moodle-upgrade-3_10_10moodle-upgrade-3_11_6moodle-upgrade-3_9_13

References

CVE-2022-0983
https://attackerkb.com/topics/CVE-2022-0983
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2064119
URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today