CVE-2025-26533: Moodle has a SQL injection risk in course search module list filter

February 24, 2025 (updated May 8, 2025)

An SQL injection risk was identified in the module list filter within course search.

References

github.com/advisories/GHSA-rg56-94j7-hjx9
github.com/moodle/moodle
github.com/moodle/moodle/commit/1310e64699807ead6c38ee89354ac57c503c2836
moodle.org/mod/forum/discuss.php?d=466150
nvd.nist.gov/vuln/detail/CVE-2025-26533

Code Behaviors & Features

Detect and mitigate CVE-2025-26533 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →