CVE-2023-35132
Moodle vulnerable to SQL Injection
6.3 MEDIUM (CVSS 3.1)
EPSS 0.26%
Description
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
How to fix CVE-2023-35132
To remediate CVE-2023-35132, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/moodle—upgrade to 3.9.22 or later
- —upgrade to 4.2.1 or later
Is CVE-2023-35132 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.9.22; >= 3.11.0, < 3.11.15; >= 4.0.0, < 4.0.9; >= 4.1.0, < 4.1.4; >= 4.2.0, < 4.2.1
- >= 4.2.0, < 4.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |