MSA-22-0025: Minor SQL injection risk in admin user browsing

MSA-22-0025: Minor SQL injection risk in admin user browsing

by Michael Hawkins -
Number of replies: 0

A limited SQL injection risk was identified in the "browse list of users" site administration page.


Severity/Risk: Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Vincent
CVE identifier: CVE-2022-40315
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75283
Tracker issue: MDL-75283 Minor SQL injection risk in admin user browsing