SQL Injection Vulnerability in Moodle Site Administration by Moodle
CVE-2022-40315
9.8CRITICAL
What is CVE-2022-40315?
A potential SQL injection vulnerability was detected on the 'browse list of users' page within Moodle's site administration area. This flaw may allow an attacker to manipulate SQL queries to access sensitive data or execute unauthorized actions. With proper mitigation measures, such as validating and sanitizing input, users can protect their systems from exploitation.
Affected Version(s)
moodle 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions