PT-2023-25157 · Moodle+2 · Moodle+2
Paul Holden · Published 2020-11-08 · Updated 2024-04-19
CVE-2023-35132
CVSS v3.1: 6.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.9 to 3.9.21
Moodle versions 3.11 to 3.11.14
Moodle versions 4.0 to 4.0.8
Moodle versions 4.1 to 4.1.3
Moodle version 4.2
Description
A limited SQL injection risk was identified on the Mnet SSO access control page. The flaw stems from insufficient sanitization of user-provided data, which a remote attacker can exploit to read, delete, or modify data in the database and gain full control over the vulnerable application.
Recommendations
For Moodle versions 3.9 to 3.9.21, update to a version that includes the fix for this issue.
For Moodle versions 3.11 to 3.11.14, update to a version that includes the fix for this issue.
For Moodle versions 4.0 to 4.0.8, update to a version that includes the fix for this issue.
For Moodle versions 4.1 to 4.1.3, update to a version that includes the fix for this issue.
For Moodle version 4.2, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Mnet SSO access control page until a patch is available.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle
Red Os