Hope your new installation of Moodle code was via git. One thing I've learned about using git to update/upgrade moodles ... it has an un-intended 'malware detect feature'. Git does keep track of the byte size of moodle code ... all of it. One time there was a plugin for authentication that required just one additional line added to an HTML form file. After installation and some time passed there was an update to Moodle code which I attempt to acquire. Git wouldn't let me saying the file I had manually edited didn't match what it knew about and that to keep changes I'd have to commit the changes to my local copy of git. Showed me the file location/name.
Since I knew I had done that then no problems.
Injected data into DB tables is possible but that means there existed another in-security related ... XSS or other ... vulnerability. DB server localhost only accessed by only 1 user with that user being in the tables for MySQL as the ONLY user ... those sorts of protections would have to be discovered malware and either altered or used.
So there is more than meets the eye to security now-a-days.
That's why Moodle needs to develop what WP and Joomla already has ... ability to update core code right inside Moodle.
What might seem to be trival/not important turns out to be not so trivial and more important than one thought.
Git will enable the command line user to easily and efficently, with little muss or fuss, keep the core code up to date in a matter of minutes. No excuse, IF you have CLI,.
'spirit of sharing', Ken