WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32474)

Description

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

Related Vulnerabilities

MySQL CVE-2017-10365 Vulnerability (CVE-2017-10365)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)

WordPress Plugin Thrive Optimize Security Bypass (1.4.13.2)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)

Severity

High

Classification

CVE-2021-32474 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities