Boletines de Vulnerabilidades

MSA-22-0001: SQL injection risk in code fetching h5p activity user attempts


Información sobre el sistema

   
Software afectado PHP

Descripción

di Michael Hawkins. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.Severity/Risk:SeriousVersions affected:3.11 to 3.11.4Versions fixed:3.11.5Reported by:Paul HoldenCVE identifier:CVE-2022-0332Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72573Tracker issue:MDL-72573 SQL injection risk in code fetching h5p activity user attempts

More info:

https://moodle.org/mod/forum/discuss.php?d=431099&parent=1734813

Identificadores estándar

Propiedad Valor
CVE CVE-2022-0332.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2022-05-17
Ministerio de Defensa
CNI
CCN
CCN-CERT