Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

Remediation

References

CVE-2022-0983

Related Vulnerabilities

AngularJS Improper Input Validation Vulnerability (CVE-2019-10768)

WordPress Plugin WP FuneralPress Multiple Cross-Site Scripting Vulnerabilities (1.1.6)

WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1)

WordPress Plugin Spectra-WordPress Gutenberg Blocks Multiple Security Bypass Vulnerabilities (2.3.0)

Horde remote code execution

Severity

High

Classification

CVE-2022-0983 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities