Moodle: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2023-30944)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: May 2, 2023
Added: May 12, 2023
Modified: Jan 28, 2025

Description

A vulnerability was found in Moodle. It exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

Solution(s)

moodle-upgrade-3_11_14
moodle-upgrade-3_9_21
moodle-upgrade-4_0_8
moodle-upgrade-4_1_3