-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability exists in the course enrollment fetching logic (CWE-89). Moodle's advisory references MDL-71241, which addresses SQL injection in enrollment queries. The primary function handling course enrollment data retrieval is enrol_get_my_courses in enrol/lib.php. The vulnerability stems from improper sanitization of user-controlled sorting parameters in SQL ORDER BY clauses, a common SQL injection vector when dynamic query construction is used without proper parameter binding. This matches the described risk pattern and affected component.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 3.11.0-beta, < 3.11.1 | 3.11.1 |
| moodle/moodle | composer | >= 3.10.0-beta, < 3.10.5 | 3.10.5 |
| moodle/moodle | composer | < 3.9.8 | 3.9.8 |
A Semantic Attack on Google Gemini - Read the Latest Research