BIT-moodle-2023-28329

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-28329.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-moodle-2023-28329
Aliases
Published
2024-03-06T11:00:53.463Z
Modified
2024-04-20T07:49:38.167Z
Summary
[none]
Details

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Database specific
{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / moodle

Package

Name
moodle
Purl
pkg:bitnami/moodle

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.9.0
Fixed
3.9.20
Introduced
3.11.0
Fixed
3.11.13
Introduced
4.0.0
Fixed
4.0.7
Type
SEMVER
Events
Introduced
3.9.0
Last affected
3.9.0
Introduced
3.11.0
Last affected
3.11.0
Introduced
4.0.0
Last affected
4.0.0
Introduced
4.1.0
Last affected
4.1.0
Introduced
4.1.1
Last affected
4.1.1