CVE-2023-28329, GHSA-72w2-j52c-7682
packagist/moodle/moodle
Moodle SQL Injection vulnerability
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2
Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.
2023-03-24
source |