Description

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Remediation

References

CVE-2023-35132

Related Vulnerabilities

b2evolution Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7352)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

Joomla! Core Privilege Escalation (1.6.0 - 3.6.4)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

WordPress Plugin WordPress Backup to Ziddu Cross-Site Scripting (1)

Severity

Medium

Classification

CVE-2023-35132 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities