Lucene search

K
osvGoogleOSV:GHSA-RVMC-8GMG-GGQR
HistoryMar 12, 2022 - 12:00 a.m.

Moodle Blind SQL injection possible via MNet authentication

2022-03-1200:00:32
Google
osv.dev
7

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.1%

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.1%