Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Remediation

References

CVE-2022-0332

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3512)

WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.4)

Oracle JRE CVE-2012-5086 Vulnerability (CVE-2012-5086)

Oracle Application Server Other Vulnerability (CVE-2005-3449)

Severity

Critical

Classification

CVE-2022-0332 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities