CVE-2022-0983

HIGH8.8EPSS 0.39%

SQL Injection in Moodle

發布日:2022/3/26修改日:2024/2/20

也稱為:GHSA-h2fw-93qx-vrcqBIT-moodle-2022-0983

描述

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

受影響套件(2)

Bitnami/moodle>= 3.9.0, < 3.9.13, >= 3.10.0, < 3.10.10, >= 3.11.0, < 3.11.6
Packagist/moodle/moodle>= 3.11.0, < 3.11.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0983
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2064119
WEBhttps://github.com/moodle/moodle/commit/c2794752ea3cdda2d64a0651da08b2cdf730d9f1
WEBhttps://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074
WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/
WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y