Miggo Logo
Miggo Vulnerability Database
CVE-2021-32474

CVE-2021-32474:
Moodle Blind SQL injection possible via MNet authentication

7.2

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-32474
GHSA ID
GHSA-rvmc-8gmg-ggqr
EPSS Score
0.72593%
CWE
CWE-89
Published
3/12/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.10, < 3.10.43.10.4
moodle/moodlecomposer>= 3.9, < 3.9.73.9.7
moodle/moodlecomposer>= 3.8, < 3.8.93.8.9
moodle/moodlecomposer>= 3.5, < 3.5.183.5.18

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in MNet-enabled systems via XML-RPC calls. The description indicates improper SQL query construction with user-controlled input. MNet authentication handling (auth/mnet) is the logical component for this interaction. The 'user_authorise' method is a core part of MNet's authentication flow, and historical analysis of similar Moodle vulnerabilities shows this function previously used unsafe SQL concatenation. The high confidence comes from the correlation between the attack vector (MNet XML-RPC), CWE-89 pattern, and the critical role of user_authorise in processing external authentication requests.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n SQL inj**tion risk *xist** on sit*s wit* MN*t *n**l** *n* *on*i*ur**, vi* *n XML-RP* **ll *rom t** *onn**t** p**r *ost. Not* t**t t*is r*quir** sit* **ministr*tor ****ss or ****ss to t** k*yp*ir. Moo*l* *.** to *.**.*, *.* to *.*.*, *.* to *.*.*,

Reasoning

T** vuln*r**ility o**urs in MN*t-*n**l** syst*ms vi* XML-RP* **lls. T** **s*ription in*i**t*s improp*r SQL qu*ry *onstru*tion wit* us*r-*ontroll** input. MN*t *ut**nti**tion **n*lin* (*ut*/mn*t) is t** lo*i**l *ompon*nt *or t*is int*r**tion. T** 'us*