CVE-2022-0983

HIGH

Moodle 3.9.0-3.9.12 and 3.11.0-3.11.5 - Authenticated SQL Injection in Badges Criteria Configuration

Title source: llm

Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2064119

Scores

CVSS v3 8.8
EPSS 0.0039
EPSS Percentile 60.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (5)
fedoraproject/extra_packages_for_enterprise_linux 7.0
fedoraproject/fedora 35
fedoraproject/fedora 36
moodle/moodle 3.11.0 - 3.11.6 (Packagist)
moodle/moodle 3.9.0 - 3.9.13
Published Mar 25, 2022
Tracked Since Feb 18, 2026