Boletines de Vulnerabilidades

MSA-23-0022: SQL injection risk in grader report sorting

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. An SQL injection risk was identified in the grader report sorting.(Note: By default the capability to access this page is only available to teachers, non-editing teachers and managers.)Severity/Risk:SeriousVersions affected:4.2 to 4.2.1Versions fixed:4.2.2Reported by:Paul HoldenWorkaround:Remove access to the gradereport/grader:view capability until the patch has been applied.CVE identifier:CVE-2023-40319Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=449643&parent=1807045

Identificadores estándar
Propiedad Valor
CVE CVE-2023-40319.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2023-08-22

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT