Description

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

Remediation

References

CVE-2021-36392

Related Vulnerabilities

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2008-3963)

Nginx Improper Encoding or Escaping of Output Vulnerability (CVE-2013-4547)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25)

ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)

Severity

Critical

Classification

CVE-2021-36392 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities