vulnerability
Moodle: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2022-0983)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Mar 25, 2022 | Apr 1, 2022 | Nov 8, 2023 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 25, 2022
Added
Apr 1, 2022
Modified
Nov 8, 2023
Description
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Solution(s)
moodle-upgrade-3_10_10moodle-upgrade-3_11_6moodle-upgrade-3_9_13

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.