SQL Injection Vulnerability in Innovación y Cualificación Local Administration Plugin
CVE-2025-2199
Currently unrated
Key Information:
- Vendor: Moodle
- CVE Published: 17 March 2025
What is CVE-2025-2199?
An SQL injection vulnerability exists in the Innovación y Cualificación local administration plugin's ajax.php file. This flaw enables attackers to execute unauthorized SQL queries, potentially allowing them to access, modify, or delete sensitive database information through specific functions. Attackers can exploit this vulnerability via the 'searchActionsToUpdate', 'searchSpecialitiesPending', 'searchSpecialitiesLinked', 'searchUsersToUpdateProfile', 'training_action_data', 'showContinuingTrainingCourses', and 'showUsersToEdit' endpoints, leading to significant data breaches and unauthorized alterations.
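For defenders reviewing web server logs, the following added example (not code from the plugin or from this advisory) lists requests to an ajax.php that name one of the functions above and flags those whose other parameters contain SQL metacharacters. It assumes combined-format access logs with parameters visible in the URL; the `/local/example/` path, the parameter names in the sample lines and the metacharacter heuristic are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Function names listed in the CVE-2025-2199 description.
AFFECTED = {
    "searchActionsToUpdate", "searchSpecialitiesPending", "searchSpecialitiesLinked",
    "searchUsersToUpdateProfile", "training_action_data",
    "showContinuingTrainingCourses", "showUsersToEdit",
}
# Assumed heuristic: characters and keywords that rarely belong in search or id values.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(union|select)\b", re.I)
# Combined log format: client IP first, then the quoted request line and the status.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; path and parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2025:10:01:02 +0000] "GET /local/example/ajax.php?action=showUsersToEdit&search=garcia HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Mar/2025:10:03:44 +0000] "GET /local/example/ajax.php?action=searchSpecialitiesLinked&id=1%27 HTTP/1.1" 200 9034',
    '192.0.2.10 - - [18/Mar/2025:10:04:00 +0000] "GET /course/view.php?id=4 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [18/Mar/2025:10:05:10 +0000] "GET /local/example/ajax.php?action=ping HTTP/1.1" 200 20',
]

def triage(lines):
    """Return (client_ip, function, status, flagged) for each request to an
    ajax.php whose query string names one of the affected functions."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, url, status = m.groups()
        parts = urlsplit(url)
        if not parts.path.endswith("/ajax.php"):
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
        named = [v for _, v in params if v in AFFECTED]
        if not named:
            continue
        others = [v for _, v in params if v not in AFFECTED]
        flagged = any(SUSPICIOUS.search(v) for v in others)
        hits.append((ip, named[0], int(status), flagged))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so an unflagged hit on one of these functions still deserves a look at application or database logs.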