CVE-2022-40315

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moodle versions (affected versions not specified)

Description A limited SQL injection risk was identified in the "browse list of users" site administration page. The vulnerability is related to insufficient cleaning of user data on this page. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary SQL commands by sending a specially crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2020-3235

ALT-PU-2023-2012

ALT-PU-2023-2057

ALT-PU-2023-5127

BDU:2022-06359

BIT-MOODLE-2022-40315

CVE-2022-40315

GHSA-MQW9-3CJM-XWP3

Affected Products

Alt Linux

Moodle

Red Os

CVE-2022-40315

Weakness Enumeration

Related Identifiers

Affected Products

References · 19