Description

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Remediation

References

CVE-2023-35132

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2003-0042)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29471)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15809)

GlassFish Improper Input Validation Vulnerability (CVE-2015-3237)

PostgreSQL Other Vulnerability (CVE-2002-1397)

Severity

Medium

Classification

CVE-2023-35132 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities