In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SQLi
Moodle
NVD
Exploit-DB
CVSS 3.0
9.8
EPSS
1.9%