CVE-2023-28329: Moodle SQL Injection vulnerability

March 23, 2023 (updated November 9, 2023)

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77046
github.com/advisories/GHSA-72w2-j52c-7682
github.com/moodle/moodle/commit/81e74af17f419f7910f81279efecf5c7af09f38d
moodle.org/mod/forum/discuss.php?d=445061
nvd.nist.gov/vuln/detail/CVE-2023-28329

Code Behaviors & Features

Detect and mitigate CVE-2023-28329 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →