CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
32.5%
moodle/moodle is vulnerable to SQL Injection. The vulnerability exists due to incorrect sorting of the access control table which allows an attacker to inject and execute arbitrary sql queries.
bugzilla.redhat.com/show_bug.cgi?id=2214371
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77193
github.com/moodle/moodle/commit/224a3af976adfaaae6f1011d593d3176f87eb438
github.com/moodle/moodle/commit/33c05e98e13c5465a53ea32f7d33d41d05b2b8a2
github.com/moodle/moodle/commit/677b67ac05164086894caacb2e24346c622facbb
github.com/moodle/moodle/commit/cd885856f35f70bf7b06038af1e57b43b91e5dda
github.com/moodle/moodle/commit/e8cc468184c04f12b7f3c647e90a2d6c6150e8af
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
lists.fedoraproject.org/archives/list/[email protected]/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/[email protected]/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
moodle.org/mod/forum/discuss.php?d=447830