MSA-22-0005: SQL injection risk in Badges criteria code
|
System information
|
|
|
Affected software |
PHP |
Description
|
di Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.NOTE: Please pay particular attention to this fix. Information was recently released online about this vulnerability by third parties, so please upgrade or patch as soon as you are able to. We prepared the patch for this as soon as we became aware of the issue, to ensure a fix was available for this release.It
More info:
https://moodle.org/mod/forum/discuss.php?d=432947&parent=1742073 |
Standar resources
|
Property |
Value |
CVE |
CVE-2022-0983. |