vulnerability

Moodle: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2022-0983)

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 25, 2022
Added
Apr 1, 2022
Modified
Nov 8, 2023

Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

Solution(s)

moodle-upgrade-3_10_10moodle-upgrade-3_11_6moodle-upgrade-3_9_13
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.