SQL Injection Vulnerability in Badges Code by Red Hat
CVE-2022-0983

8.8HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 25 March 2022

What is CVE-2022-0983?

A vulnerability was found in the Badges code, specifically concerning the configuration of criteria which allows for SQL injection attacks. While access to the related capability is restricted by default to teachers and managers, the flaw could expose sensitive data if exploited, making it crucial for organizations using the product to implement mitigations and stay updated with security patches.

Affected Version(s)

moodle moodle 3.11.6, moodle 3.10.10, moodle 3.9.13

References

https://bugzilla.redhat.com/show_bug.cgi?id=2064119

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2022
Vulnerability Reserved
Mar 15, 2022

CVE-2022-0983 Data

JSON

Moodle

What is CVE-2022-0983?

Affected Version(s)

References

CVSS V3.1

Timeline