PT-2022-2037 · Fedoraproject+2 · Extra Packages For Enterprise Linux+3
Tej Rathi · Published 2022-03-14 · Updated 2024-03-06
CVE-2022-0983
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moodle (affected versions not specified)
fedoraproject extra packages for enterprise linux (affected versions not specified)
fedoraproject fedora (affected versions not specified)
Description
An SQL injection risk was identified in the Badges code, specifically in the configuration of criteria. The affected code does not protect the structure of the SQL query, which allows a remote attacker to execute arbitrary SQL queries in the database. By default, access is limited to teachers and managers.
Recommendations
For Moodle, consider restricting access to the capability for configuring Badges criteria to minimize the risk of exploitation.
For fedoraproject extra packages for enterprise linux and fedoraproject fedora, there is currently no information about a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the SQL query execution functionality in the affected components until a patch is available.
Fix
SQL injection
Affected Products
Alt Linux
Red Os
Extra Packages For Enterprise Linux
Fedora