GitHub Advisory DatabaseGHSA-7MMC-22G7-3XQ2Moodle SQL Injection vulnerability
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.004 Low
EPSS
Percentile
73.2%
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 4.2.0-rc2 |
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187
bugzilla.redhat.com/show_bug.cgi?id=2188606
github.com/advisories/GHSA-7mmc-22g7-3xq2
github.com/moodle/moodle/commit/5521d1d6e8bb8bebb76ad8154095f6b18ea26e7f
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54TM5H5PDUDYXOQ7X7PPYWP4AJDAE73I
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZBWRVUJF7HI53XCJPJ3YJZPOV5HBRUY
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBFSXRYLT4ICKJVQSRBAOUDMDRVSVBLS
lists.fedoraproject.org/archives/list/[email protected]/message/54TM5H5PDUDYXOQ7X7PPYWP4AJDAE73I
lists.fedoraproject.org/archives/list/[email protected]/message/MZBWRVUJF7HI53XCJPJ3YJZPOV5HBRUY
lists.fedoraproject.org/archives/list/[email protected]/message/PBFSXRYLT4ICKJVQSRBAOUDMDRVSVBLS
moodle.org/mod/forum/discuss.php?d=446286
nvd.nist.gov/vuln/detail/CVE-2023-30944
Related
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.004 Low
EPSS
Percentile
73.2%