MSA-22-0013: SQL injection risk in badge award criteria
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
by Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria.NOTE: in Moodle 4.0, 3.11.6, 3.10.10 and 3.9.13, access to this vulnerability was available to site administrators only. In earlier versions, access to the relevant capability was also limited to teachers and managers by default.Severity/Risk:SeriousVersions affected:4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versionsVersions fixed:4.0.1, 3.11.7, 3.10.11 and
More info:
https://moodle.org/mod/forum/discuss.php?d=434581&parent=1748725 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2022-30599. |