A limited SQL injection risk was identified in the "browse list of users" site administration page.
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*" ] }