SQL Injection Vulnerability in Moodle Affecting User Data Submission
CVE-2023-30944

7.3HIGH

Key Information:

Vendor: Moodle
Status: moodle
Vendor: CVE Published:; 2 May 2023

What is CVE-2023-30944?

A security vulnerability identified in Moodle stems from inadequate sanitization of user-supplied data, which can be exploited through the external Wiki method for listing pages. An attacker can craft a malicious request that, when processed by the application, enables them to execute limited SQL commands against the application database, potentially compromising data integrity and user information.

Affected Version(s)

moodle Fixed in 4.1.3, 4.0.8, 3.11.14 and 3.9.21

References

https://bugzilla.redhat.com/show_bug.cgi?id=2188606

https://moodle.org/mod/forum/discuss.php?d=446286

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2023
Vulnerability Reserved
Apr 21, 2023