Skip to main content

Moodle CVE-2022-0983

HIGH
SQL Injection (CWE-89)
2022-03-25 secalert@redhat.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 25, 2022 - 19:15 nvd
HIGH 8.8

DescriptionNVD

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

AnalysisAI

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. Affected products include: Moodle, Fedoraproject Fedora, Fedoraproject Extra Packages For Enterprise Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Moodle

View all
CVE-2013-3630 MEDIUM POC
4.6 Nov 01

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell

CVE-2021-21809 CRITICAL POC
9.1 Jun 23

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. Rated critical severi

CVE-2024-43425 HIGH POC
8.1 Nov 07

A flaw was found in Moodle. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authenticatio

CVE-2017-2641 CRITICAL POC
9.8 Mar 26

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2025-34031 HIGH POC
7.5 Jun 24

The Moodle LMS Jmol plugin version 6.1 and earlier contains a path traversal vulnerability in jsmol.php. The query param

CVE-2013-4341 MEDIUM POC
4.3 Sep 16

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, an

CVE-2016-9187 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remo

CVE-2016-9186 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows re

CVE-2018-14630 HIGH POC
8.8 Sep 17

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional re

CVE-2018-1133 HIGH POC
8.8 May 25

An issue was discovered in Moodle 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low a

CVE-2016-7919 HIGH POC
7.5 Oct 28

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injectio

CVE-2021-47857 HIGH POC
7.2 Jan 21

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows

Share

CVE-2022-0983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy