Описание
SQL Injection in Moodle
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-0983
- https://github.com/moodle/moodle/commit/c2794752ea3cdda2d64a0651da08b2cdf730d9f1
- https://bugzilla.redhat.com/show_bug.cgi?id=2064119
- https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y
Пакеты
moodle/moodle
>= 3.11.0, < 3.11.6
3.11.6
moodle/moodle
>= 3.10.0, < 3.10.10
3.10.10
moodle/moodle
< 3.9.13
3.9.13
Связанные уязвимости
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
An SQL injection risk was identified in Badges code relating to config ...
Уязвимость виртуальной обучающей среды Moodle, связанная с непринятием мер по защите структуры запроса SQL , позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных
