SQL Injection Risk in Moodle for Education Platforms
CVE-2023-35132

6.3MEDIUM

Key Information:

Vendor: Moodle
Status: moodle
Vendor: CVE Published:; 22 June 2023

Summary

A vulnerability has been detected in the Mnet SSO access control page of Moodle that allows for a limited SQL injection attack. This flaw could potentially allow an attacker to manipulate database queries, affecting the integrity and confidentiality of information within the affected Moodle versions. Users are encouraged to update their installations to mitigate any risks associated with this vulnerability.

Affected Version(s)

moodle 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions

References

https://moodle.org/mod/forum/discuss.php?d=447830

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Jun 13, 2023