Vulnerability Bulletins

MSA-22-0013: SQL injection risk in badge award criteria


System information

   
Affected software: PHP

Description

by Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria.

NOTE: in Moodle 4.0, 3.11.6, 3.10.10 and 3.9.13, access to this vulnerability was available to site administrators only. In earlier versions, access to the relevant capability was also limited to teachers and managers by default.

Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and

More info:

https://moodle.org/mod/forum/discuss.php?d=434581&parent=1748725

Standard identifiers

Property Value
CVE CVE-2022-30599.

Version history

Version Comment Date
1.0 Advisory issued 2022-05-18

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT