Veracode Vulnerability DatabaseVERACODE:41114SQL Injection
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
32.5%
moodle/moodle is vulnerable to SQL Injection. The vulnerability exists due to incorrect sorting of the access control table which allows an attacker to inject and execute arbitrary sql queries.
References
bugzilla.redhat.com/show_bug.cgi?id=2214371
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77193
github.com/moodle/moodle/commit/224a3af976adfaaae6f1011d593d3176f87eb438
github.com/moodle/moodle/commit/33c05e98e13c5465a53ea32f7d33d41d05b2b8a2
github.com/moodle/moodle/commit/677b67ac05164086894caacb2e24346c622facbb
github.com/moodle/moodle/commit/cd885856f35f70bf7b06038af1e57b43b91e5dda
github.com/moodle/moodle/commit/e8cc468184c04f12b7f3c647e90a2d6c6150e8af
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
lists.fedoraproject.org/archives/list/[email protected]/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/[email protected]/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
moodle.org/mod/forum/discuss.php?d=447830
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
32.5%