CVE-2023-35132

Summary

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Affected Software

VendorProductVersion RangeStatus
4.2.0 < 4.2.1affected
4.1.0 < 4.1.4affected
4.0.0 < 4.0.9affected
3.11.0 < 3.11.15affected
0 < 3.9.22affected

Weaknesses

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References