BIT-moodle-2023-35132
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-35132.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-moodle-2023-35132
- Aliases
- Published
- 2024-03-06T10:59:08.929Z
- Modified
- 2024-04-20T07:49:38.167Z
- Summary
- [none]
- Details
-
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
- Database specific
{ "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
- https://moodle.org/mod/forum/discuss.php?d=447830
- https://bugzilla.redhat.com/show_bug.cgi?id=2214371
Affected packages
Bitnami / moodle
Package
- Name
- moodle
- Purl
- pkg:bitnami/moodle
Severity
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator