Vulnerability Bulletins

MSA-23-0004: Authenticated SQL injection via availability check


System information

Affected software: PHP

Description

by Michael Hawkins.

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2023-28329
Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=445061&parent=1788894

Standard identifiers

Property Value
CVE CVE-2023-28329

Version history

Version Comment Date
1.0 Advisory issued 2023-03-21
CCN-CERT