CVE-2022-0332

CRITICAL

Moodle <3.11.4 - SQL Injection

Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Exploits (2)

exploitdb WORKING POC
by lavclash75 · text · webapps · php
https://www.exploit-db.com/exploits/50700
nomisec WORKING POC 46 stars
by numanturle · poc
https://github.com/numanturle/CVE-2022-0332

Scores

CVSS v3 9.8
EPSS 0.0310
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
moodle/moodle 3.11 - 3.11.5 (Packagist)
moodle/moodle 3.11.0 - 3.11.5
Published Jan 25, 2022
Tracked Since Feb 18, 2026