MSA-23-0022: SQL injection risk in grader report sorting
|
System information
|
|
|
Affected software |
PHP |
Description
|
von Michael Hawkins. An SQL injection risk was identified in the grader report sorting.(Note: By default the capability to access this page is only available to teachers, non-editing teachers and managers.)Severity/Risk:SeriousVersions affected:4.2 to 4.2.1Versions fixed:4.2.2Reported by:Paul HoldenWorkaround:Remove access to the gradereport/grader:view capability until the patch has been applied.CVE identifier:CVE-2023-40319Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=449643&parent=1807045 |
Standar resources
|
Property |
Value |
CVE |
|