An SQL injection risk was identified in the grader report sorting.
(Note: By default the capability to access this page is only available to teachers, non-editing teachers and managers.)
| Severity/Risk: | Serious |
| Versions affected: | 4.2 to 4.2.1 |
| Versions fixed: | 4.2.2 |
| Reported by: | Paul Holden |
| Workaround: | Remove access to the gradereport/grader:view capability until the patch has been applied. |
| CVE identifier: | CVE-2023-40319 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78790 |
| Tracker issue: | MDL-78790 SQL injection risk in grader report sorting |