Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Remediation

References

CVE-2022-0332

Related Vulnerabilities

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.25)

TYPO3 7PK - Security Features Vulnerability (CVE-2016-5091)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.3.1)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

Severity

Critical

Classification

CVE-2022-0332 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities