Description
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.
Remediation
References