CVE-2022-0332

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0332

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0332.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0332

Aliases

BIT-moodle-2022-0332
GHSA-6jhm-4vmx-mr76

Related

UBUNTU-CVE-2022-0332

Published

2022-01-25T20:15:08Z

Modified

2025-02-14T11:32:16.837809Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

References

https://moodle.org/mod/forum/discuss.php?d=431099
https://bugzilla.redhat.com/show_bug.cgi?id=2043661

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

94f2d3fc4b974c5c7d500988c56b7ca15f58d7ec

Fixed

a59bec2a6f3c093ebe3b8eb0316c07188a4a339e

Affected versions

v3.*

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.11.4