9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.5%
moodle/moodle is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in lib.php
, allowing an authenticated attacker to inject and execute malicious SQL queries when viewing a users recent courses, leading to Information Disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.0 | |
moodle/moodle | le | v3.10.4 | |
moodle/moodle | le | v3.9.7 | |
moodle/moodle | le | v3.11.0 | |
moodle/moodle | le | v3.10.4 | |
moodle/moodle | le | v3.9.7 |
github.com/advisories/GHSA-f46j-r7q3-6cm2
github.com/moodle/moodle/commit/68c90578e7a13cfa188bc07a9ce6fe02f9444d01
github.com/moodle/moodle/commit/97a56d77a985d6e298695f63e425ffe1a8a904fc
github.com/moodle/moodle/commit/c5b4da7257ec69bf8a7d2a8544cee4d730ad44eb
github.com/moodle/moodle/commit/db6340a0e172c5420c010536afd1e9f11ac87e6b
moodle.org/mod/forum/discuss.php?d=424798
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.5%