SQL Injection Vulnerability in Moodle Badges Configuration
CVE-2022-30599

9.8CRITICAL

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 18 May 2022

🔔 Create Moodle Vulnerability Alert

What is CVE-2022-30599?

A significant SQL injection vulnerability has been identified in Moodle's Badges code, specifically relating to the configuration of criteria. This flaw could potentially allow attackers to manipulate database queries, leading to unauthorized data access or alteration. Users of affected versions should promptly apply the necessary patches to mitigate this risk and secure their environments.

Affected Version(s)

moodle Affects : 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions

References

https://moodle.org/mod/forum/discuss.php?d=434581

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2083610

x_refsource_MISC

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
May 12, 2022

CVE-2022-30599 Data

.