← back
CVE-2023-35132

Moodle: minor sql injection risk on mnet sso access control page

CVSS 6.3 MEDIUMEPSS 0.8%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
22 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=2214371https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/https://moodle.org/mod/forum/discuss.php?d=447830