Moodle

The SQL injection flaw in the open-source educational platform Moodle could enable an attacker to access sensitive information on any database server.

An attacker can also penetrate the system as a teacher and insert a malicious SQL query while creating custom badges.

This vulnerability can also be used to store XSS attacks.

Source: https://portswigger.net/daily-swig/sql-injection-vulnerability-in-e-learning-platform-moodle-could-enable-database-takeover

"id": "MOO3359322",
"linkid": "moodle",
"type": "Vulnerability",
"date": "03/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"