Description In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Remediation References CVE-2017-2641 Related Vulnerabilities Oracle JRE CVE-2013-1564 Vulnerability (CVE-2013-1564) WordPress Plugin WooCommerce Salesforce Integration Cross-Site Scripting (1.5.8) WordPress Plugin Quote-O-Matic SQL Injection (1.0.5) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-2783) WordPress Plugin Mobiloud-Native Mobile Apps for your WordPress site (iPhone, iPad, Android) Multiple Cross-Site Scripting Vulnerabilities (2.3.7) Severity Critical Classification CVE-2017-2641 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities