CVE-2022-0983 — SQL Injection in Moodle

CWE-89 — SQL Injection4 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 39.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora

Timeline

PublishedMar 25

Latest updateMar 26

Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmoodle/moodle3.9.0 — 3.9.13+2

▶Packagistmoodle/moodle3.11.0 — 3.11.6+2

▶CVEListV5moodle/moodlemoodle 3.11.6, moodle 3.10.10, moodle 3.9.13

▶NVDfedoraproject/extra_packages7.0

Also affects: Fedora 35, 36

🔴Vulnerability Details

OSV

SQL Injection in Moodle↗2022-03-26

▶

GHSA

SQL Injection in Moodle↗2022-03-26

▶

OSV

CVE-2022-0983: An SQL injection risk was identified in Badges code relating to configuring criteria↗2022-03-25

▶