CVE-2022-0332

CRITICAL

Moodle 3.11.0-3.11.4 - SQL Injection via H5P Activity Web Service

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-0332. PoCs published by lavclash75, numanturle.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Moodle 3.11 to 3.11.4 via the 'sortorder' parameter in the 'mod_h5pactivity_get_user_attempts' webservice function. The payload extracts database information using a time-based blind SQLi technique.

Description

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Exploits (2)

exploitdb WORKING POC
by lavclash75 · text · webapps · php
https://www.exploit-db.com/exploits/50700

This exploit demonstrates a SQL injection vulnerability in Moodle 3.11 to 3.11.4 via the 'sortorder' parameter in the 'mod_h5pactivity_get_user_attempts' webservice function. The payload extracts database information using a time-based blind SQLi technique.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Moodle 3.11 to 3.11.4
Auth required
Prerequisites: Valid Moodle instance with vulnerable version · Valid webservice token
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 46 stars
by numanturle · poc
https://github.com/numanturle/CVE-2022-0332

This repository contains a proof-of-concept for CVE-2022-0332, a SQL injection vulnerability in Moodle versions 3.11 to 3.11.4. The exploit demonstrates a blind SQL injection via the 'sortorder' parameter in the 'mod_h5pactivity_get_user_attempts' webservice function.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Moodle 3.11 to 3.11.4
Auth required
Prerequisites: Valid Moodle instance with vulnerable version · Valid webservice token
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2043661
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=431099

Scores

CVSS v3 9.8
EPSS 0.0310
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (2)
moodle/moodle 3.11 - 3.11.5 (Packagist)
moodle/moodle 3.11.0 - 3.11.5
Published Jan 25, 2022
Tracked Since Feb 18, 2026