CRITICAL🇵🇱 Wersja polska

CVE-2021-36393

CVSS 9.8v3.1pub. 2023-03-06upd. 2024-11-21

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Moodle

    APP
    Moodle
    < 3.9.83.10.0 – 3.10.5 (bez)3.11.0 – 3.11.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-33999CRITICAL9.8PL ✓ten sam produkt

Moodle MFA — niewystarczająca sanityzacja URL referrer

CVE-2023-28333CRITICAL9.8ten sam produkt

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This ...

CVE-2021-36392CRITICAL9.8ten sam produkt

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

CVE-2021-36394CRITICAL9.8ten sam produkt

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

CVE-2022-45152CRITICAL9.1ten sam produkt

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insuffic...

CVE-2021-36393 — Moodle — CRITICAL — CVSS 9.8 | CVEbaza.pl