vulnerability
Moodle: Improper Neutralization of Special Elements used in an SQL Command (CVE-2023-28329)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Mar 23, 2023 | Mar 29, 2023 | May 7, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Mar 23, 2023
Added
Mar 29, 2023
Modified
May 7, 2026
Description
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Solution
moodle-upgrade-latest
References
- CVE-2023-28329
- https://attackerkb.com/topics/CVE-2023-28329
- https://bugzilla.redhat.com/show_bug.cgi?id=2179406
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
- https://moodle.org/mod/forum/discuss.php?d=445061
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0916
- CWE-89
- EUVD-EUVD-2023-0916
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.