Moodle

Moodle

The SQL injection flaw in the open-source educational platform Moodle could enable an attacker to access sensitive information on any database server.

An attacker can also penetrate the system as a teacher and insert a malicious SQL query while creating custom badges.

This vulnerability can also be used to store XSS attacks.

Source: https://portswigger.net/daily-swig/sql-injection-vulnerability-in-e-learning-platform-moodle-could-enable-database-takeover

"id": "MOO3359322",
"linkid": "moodle",
"type": "Vulnerability",
"date": "03/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.