Description

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32474

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)

WordPress Plugin Thank You Counter Button Multiple Cross-Site Scripting Vulnerabilities (1.8.7)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0882)

Apache Tomcat Other Vulnerability (CVE-2003-0044)

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.1)

Severity

High

Classification

CVE-2021-32474 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities