moodle/moodle is vulnerable to SQL injection attacks. The vulnerability exists in the get_users_listing function of datalib.php due to improper implementation of the sort helper and the column mapping used for sorting, which allows an attacker to inject malicious queries into the system.
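
The class of fix for a sort-parameter injection like the one described above is an allow-list column mapping. The following is an added example, not Moodle's code or the actual patch; the column map, function names and request values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list: request sort keys -> fixed SQL column expressions.
// Hypothetical names, not Moodle's actual mapping.
const SORT_COLUMNS = [
    'firstname'  => 'u.firstname',
    'lastname'   => 'u.lastname',
    'email'      => 'u.email',
    'lastaccess' => 'u.lastaccess',
];

/**
 * Build an ORDER BY clause from untrusted request parameters.
 * Only values taken from the allow-list are ever placed in the SQL text;
 * the caller's strings are used as lookup keys and nothing else.
 */
function build_order_by(string $sort, string $dir, string $default = 'lastname'): string {
    // Exact key match; anything not in the map falls back to the default column.
    $column = SORT_COLUMNS[$sort] ?? SORT_COLUMNS[$default];
    // Direction is one of two literals, never the raw input.
    $direction = strtoupper(trim($dir)) === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY $column $direction";
}

// Unsafe pattern, for comparison: request values concatenated into the query.
function build_order_by_unsafe(string $sort, string $dir): string {
    return "ORDER BY $sort $dir";
}

// Constructed inputs: one ordinary request, one carrying extra SQL text.
$requests = [
    ['lastname', 'desc'],
    ['lastname, (SELECT 1)', 'ASC'],
];
foreach ($requests as [$sort, $dir]) {
    echo 'unsafe: ', build_order_by_unsafe($sort, $dir), PHP_EOL;
    echo 'safe:   ', build_order_by($sort, $dir), PHP_EOL;
}
```

ORDER BY identifiers cannot be bound as query parameters, so the mapping has to happen before the SQL string is assembled; the second request shows the unsafe builder passing the extra text through while the allow-list version falls back to the default column.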
bugzilla.redhat.com/show_bug.cgi?id=2128150
git.moodle.org/gw?p=moodle.git;a=commit;h=3f81b85e7d3ab08d841b567c516cb556a44155a5
git.moodle.org/gw?p=moodle.git;a=commit;h=5e3707417de3e0a7317c52c0c5bab3b015a215da
github.com/advisories/GHSA-mqw9-3cjm-xwp3
github.com/moodle/moodle/commit/3d11b25cce6b8c1c5bd84b9c76dd45786bbc0268
github.com/moodle/moodle/commit/92c332f49100f4084a2c3ef76b2b60dfe4291ccd
github.com/moodle/moodle/commit/b3041d3a0f52bc19e37e8b4560c9367fc9f43143
github.com/moodle/moodle/commit/c4ba598a0bdd9f4cff86dfa67e57ebeea7c16a7d
github.com/moodle/moodle/commit/c4df60bb8daf229896f0b7c6a33744ae26bd4d81
moodle.org/mod/forum/discuss.php?d=438394