SQL injection in Moodle

2022-01-2822:08:14

Google

osv.dev

111

0.002 Low

EPSS

Percentile

62.3%

JSON

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

CPENameOperatorVersion
moodle/moodleeq3.11.1
moodle/moodleeq3.11.0
moodle/moodleeq3.11.0-rc2
moodle/moodleeq3.11.0-beta
moodle/moodleeq3.11.3
moodle/moodleeq3.11.0-rc1
moodle/moodleeq3.11.4
moodle/moodleeq3.11.2

Name	Operator	Version
moodle/moodle	eq	3.11.1
moodle/moodle	eq	3.11.0
moodle/moodle	eq	3.11.0-rc2
moodle/moodle	eq	3.11.0-beta
moodle/moodle	eq	3.11.3
moodle/moodle	eq	3.11.0-rc1
moodle/moodle	eq	3.11.4
moodle/moodle	eq	3.11.2