Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-32474 - Vulnerability Database
Moodle

Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-32474

High
Reference: CVE-2021-32474
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-32474
Title: Moodle Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An SQL injection risk existed on sites with MNet enabled and configured via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3 3.9 to 3.9.6 3.8 to 3.8.8 3.5 to 3.5.17 and earlier unsupported versions are affected.