PT-2022-5129 · H5P+3 · H5P+3

Bjørn Teistung +1 · Published 2020-11-08 · Updated 2025-05-20 · CVE-2022-40316

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Moodle (affected versions not specified)

Description

The issue is related to the H5P plugin in the Moodle virtual learning environment, where the H5P activity attempts report does not filter by groups. This can reveal information to non-editing teachers about attempts or users in groups they should not have access to, potentially allowing a remote attacker to gain unauthorized access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

Code Injection

RCE

Exposure of Resource to Wrong Sphere

Path traversal

SQL injection

Missing Authorization

Open Redirect

XSS

Related Identifiers

ALT-PU-2020-3235
ALT-PU-2023-2012
ALT-PU-2023-2057
ALT-PU-2023-5127
BDU:2022-04906
BDU:2022-04907
BDU:2022-04908
BDU:2022-06359
BDU:2022-06382
BDU:2022-06383
BDU:2022-06402
BDU:2022-06403
BDU:2022-06405
BDU:2022-06406
BIT-MOODLE-2022-40316
CVE-2022-40316
GHSA-385F-VGQ7-8HHX

Affected Products

Alt Linux
H5P
Moodle
Red Os