An SQL injection risk was identified in the grader report sorting.
(Note: By default the capability to access this page is only available to teachers, non-editing teachers and managers.)
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1
Versions fixed: 4.2.2
Reported by: Paul Holden
Workaround: Remove access to the gradereport/grader:view capability until the patch has been applied.
CVE identifier: CVE-2023-40319
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78790
Tracker issue: MDL-78790 SQL injection risk in grader report sorting