CVE-2023-28329

Moodle SQL Injection vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-28329, GHSA-72w2-j52c-7682

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle SQL Injection vulnerability

Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Affected Versions

All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to version 3.9.20, 3.11.13, 4.0.7, 4.1.2 or above.

Last Modified

2023-03-24
