Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

Remediation

References

CVE-2022-0983

Related Vulnerabilities

WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)

WordPress Plugin Awesome Filterable Portfolio Multiple SQL Injection Vulnerabilities (1.8.6)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-2270)

Severity

High

Classification

CVE-2022-0983 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities