Description

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Remediation

References

CVE-2023-35132

Related Vulnerabilities

Oracle Database Server CVE-2009-1019 Vulnerability (CVE-2009-1019)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0274)

Oracle Database Server CVE-2011-0876 Vulnerability (CVE-2011-0876)

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)

MySQL CVE-2022-21351 Vulnerability (CVE-2022-21351)

Severity

Medium

Classification

CVE-2023-35132 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities