MSA-22-0013: SQL injection risk in badge award criteria
|
System information
|
|
|
Affected software |
PHP |
Description
|
by Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria.NOTE: in Moodle 4.0, 3.11.6, 3.10.10 and 3.9.13, access to this vulnerability was available to site administrators only. In earlier versions, access to the relevant capability was also limited to teachers and managers by default.Severity/Risk:SeriousVersions affected:4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versionsVersions fixed:4.0.1, 3.11.7, 3.10.11 and
More info:
https://moodle.org/mod/forum/discuss.php?d=434581&parent=1748725 |
Standar resources
|
Property |
Value |
CVE |
CVE-2022-30599. |