Lucene search

K

Veracode Vulnerability DatabaseVERACODE:39774

HistoryMar 14, 2023 - 12:42 p.m.

SQL Injection

2023-03-1412:42:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

24

moodle

sql injection

vulnerable

information disclosure

lib.php

recent courses

software security

EPSS

0.001

Percentile

50.6%

moodle/moodle is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in lib.php, allowing an authenticated attacker to inject and execute malicious SQL queries when viewing a users recent courses, leading to Information Disclosure.

References

github.com/advisories/GHSA-f46j-r7q3-6cm2

github.com/moodle/moodle/commit/68c90578e7a13cfa188bc07a9ce6fe02f9444d01

github.com/moodle/moodle/commit/97a56d77a985d6e298695f63e425ffe1a8a904fc

github.com/moodle/moodle/commit/c5b4da7257ec69bf8a7d2a8544cee4d730ad44eb

github.com/moodle/moodle/commit/db6340a0e172c5420c010536afd1e9f11ac87e6b

moodle.org/mod/forum/discuss.php?d=424798

EPSS

0.001

Percentile

50.6%

Related for VERACODE:39774

zdt1 cve1 osv3 packetstorm1 github1 cvelist1 ubuntucve1 nvd1 exploitdb1 prion1 githubexploit3 openvas1 nessus3