Vulnerability Bulletins

MSA-23-0022: SQL injection risk in grader report sorting

System information

Affected software PHP


by Michael Hawkins. An SQL injection risk was identified in the grader report sorting.(Note: By default the capability to access this page is only available to teachers, non-editing teachers and managers.)Severity/Risk:SeriousVersions affected:4.2 to 4.2.1Versions fixed:4.2.2Reported by:Paul HoldenWorkaround:Remove access to the gradereport/grader:view capability until the patch has been applied.CVE identifier:CVE-2023-40319Changes

More info:

Standar resources

Property Value
CVE CVE-2023-40319.

Version history

Version Comments Date
1.0 Advisory issued 2023-08-22
Ministerio de Defensa