CVE-2023-30944

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. This could potentially allow the attacker to read, delete, or modify data in the database and gain full control over the vulnerable application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

ALT-PU-2020-3235

ALT-PU-2023-2012

ALT-PU-2023-2057

ALT-PU-2023-5127

BDU:2023-03480

BIT-MOODLE-2023-30944

CVE-2023-30944

GHSA-7MMC-22G7-3XQ2

Affected Products

Alt Linux

Moodle

Red Os

CVE-2023-30944

Weakness Enumeration

Related Identifiers

Affected Products

References · 25