Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Remediation

References

CVE-2022-0332

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-6631)

MySQL Other Vulnerability (CVE-2001-1275)

Oracle Application Server Other Vulnerability (CVE-2005-1496)

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5173)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29523)

Severity

Critical

Classification

CVE-2022-0332 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities