moodle/moodle is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in lib.php
, allowing an authenticated attacker to inject and execute malicious SQL queries when viewing a users recent courses, leading to Information Disclosure.
github.com/advisories/GHSA-f46j-r7q3-6cm2
github.com/moodle/moodle/commit/68c90578e7a13cfa188bc07a9ce6fe02f9444d01
github.com/moodle/moodle/commit/97a56d77a985d6e298695f63e425ffe1a8a904fc
github.com/moodle/moodle/commit/c5b4da7257ec69bf8a7d2a8544cee4d730ad44eb
github.com/moodle/moodle/commit/db6340a0e172c5420c010536afd1e9f11ac87e6b
moodle.org/mod/forum/discuss.php?d=424798