CVE-2021-32474

State: PUBLISHED · Published: 2022-03-11 · Updated: 2024-08-03 · Assigner: redhat

Description

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

CWE

CWE-89 — CWE-89

Affected

n/a / moodle — v=3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 [affected]

CVSS

(none)

References

https://moodle.org/mod/forum/discuss.php?d=422308 x_refsource_MISC

Source

cvelistV5-main/cves/2021/32xxx/CVE-2021-32474.json