Description
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Remediation
References