SQL Injection in Moodle
High severity
GitHub Reviewed
Published
Mar 26, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Package
Affected versions
>= 3.11.0, < 3.11.6
>= 3.10.0, < 3.10.10
< 3.9.13
Patched versions
3.11.6
3.10.10
3.9.13
Description
Published by the National Vulnerability Database
Mar 25, 2022
Published to the GitHub Advisory Database
Mar 26, 2022
Reviewed
Apr 1, 2022
Last updated
Jan 27, 2023
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
References