Description
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-3713 Vulnerability (CVE-2006-3713)
Ruby Resource Management Errors Vulnerability (CVE-2014-2734)
WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2)
Ruby on Rails Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-5419)