Description

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32474

Related Vulnerabilities

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Cross-Site Scripting (1.6.2)

Joomla CVE-2014-7229 Vulnerability (CVE-2014-7229)

WordPress Plugin WP User Frontend-Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Supply Chain Attack [Polyfill.io] (4.0.7)

WordPress 4.5.x Cross-Domain Flash Injection Vulnerability (4.5 - 4.5.12)

Jboss EAP Other Vulnerability (CVE-2023-3629)

Severity

High

Classification

CVE-2021-32474 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities