Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Remediation

References

CVE-2022-0332

Related Vulnerabilities

WordPress Plugin Video Embed & Thumbnail Generator Cross-Site Scripting (4.0.3)

Moodle Other Vulnerability (CVE-2004-2237)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6388)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

WordPress Plugin yolink Search for WordPress Cross-Site Scripting (2.5)

Severity

Critical

Classification

CVE-2022-0332 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities