Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Remediation

References

CVE-2022-0332

Related Vulnerabilities

WordPress Plugin Page and Post Clone Information Disclosure (1.1)

WordPress Plugin AWSM Team-Team Showcase Local File Inclusion (1.3.1)

Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)

TYPO3 Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-11063)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4549)

Severity

Critical

Classification

CVE-2022-0332 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities