Description

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Remediation

References

CVE-2023-35132

Related Vulnerabilities

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-8324)

WordPress Plugin My Tickets Cross-Site Scripting (1.5.0)

WordPress Plugin BetterLinks-Shorten, Track and Manage any URL Cross-Site Scripting (1.2.5)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)

WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)

Severity

Medium

Classification

CVE-2023-35132 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities