Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. SQL injection vulnerabilities exist in Moodle 3.11 through 3.11.4, which stem from insufficient cleanup of user-supplied data in the h5p active Web service responsible for obtaining user attempt data. An attacker could exploit this vulnerability to execute illegal SQL commands.
CPE | Name | Operator | Version |
---|---|---|---|
Moodle Moodle >=3.11.0, | lt | 3.11.5 |