The vulnerability stemmed from web service functions using their input parameters (`$assignmentid`, `$userids`, etc.) directly, without proper validation. The GitHub patch shows these functions were modified to read from `$params[]` (validated via `validate_parameters()`) instead of the raw inputs, and to add context validation (`validate_context()`). This indicates that the original implementations lacked parameter sanitization, allowing attackers to manipulate grade metadata via crafted inputs. All modified functions in the commit exhibit this pattern, confirming their vulnerability.
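The pattern described above, as an added PHP sketch that is not Moodle's code or the patch itself: a function that passes raw arguments through, beside one that uses only validated `$params[]` values after a context check. `validate_parameters_sketch()`, `validate_context_sketch()`, the `set_grade_metadata_*` names and the allowed-ID list are hypothetical, simplified stand-ins for Moodle's `validate_parameters()` and `validate_context()`.

```php
<?php
// Added illustration: simplified stand-ins, not Moodle's own implementation.
// Stand-in for validate_parameters(): declared keys only, non-negative integers only.
function validate_parameters_sketch(array $spec, array $input): array {
    $clean = [];
    foreach ($spec as $key => $type) {
        if (!array_key_exists($key, $input)) {
            throw new InvalidArgumentException("Missing parameter: $key");
        }
        $values = ($type === 'int[]') ? array_values((array) $input[$key]) : [$input[$key]];
        foreach ($values as $v) {
            if (filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) === false) {
                throw new InvalidArgumentException("Invalid value for $key");
            }
        }
        $ints = array_map('intval', $values);
        $clean[$key] = ($type === 'int[]') ? $ints : $ints[0];
    }
    return $clean;
}

// Stand-in for validate_context(): the caller must have access to the assignment's context.
function validate_context_sketch(int $assignmentid, array $allowedIds): void {
    if (!in_array($assignmentid, $allowedIds, true)) {
        throw new RuntimeException('Caller has no access to this context');
    }
}
// "Before" pattern: raw arguments reach the grade-metadata logic untouched.
function set_grade_metadata_before($assignmentid, $userids): array {
    return ['assignment' => $assignmentid, 'users' => $userids];
}
// "After" pattern: only validated $params[] values are used, after a context check.
function set_grade_metadata_after($assignmentid, $userids, array $allowedIds): array {
    $spec = ['assignmentid' => 'int', 'userids' => 'int[]'];
    $params = validate_parameters_sketch($spec, ['assignmentid' => $assignmentid, 'userids' => $userids]);
    validate_context_sketch($params['assignmentid'], $allowedIds);
    return ['assignment' => $params['assignmentid'], 'users' => $params['userids']];
}

// Constructed inputs: a well-formed call, a malformed user ID, and a context the caller lacks.
$cases = [['7', ['3', '4']], ['7', ['3', 'abc']], ['9', ['3']]];
foreach ($cases as [$aid, $uids]) {
    echo 'before: ', json_encode(set_grade_metadata_before($aid, $uids)), "\n";
    try {
        echo 'after:  ', json_encode(set_grade_metadata_after($aid, $uids, [7])), "\n";
    } catch (Exception $e) {
        echo 'after:  ', get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```

The "before" function returns all three inputs unchanged, while the "after" function accepts only the first and rejects the other two before any grade-related logic would run.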
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 2.6.0, < 2.6.2 | 2.6.2 |