| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 3.9, < 3.9.17 | 3.9.17 |
| moodle/moodle | composer | >= 3.11, < 3.11.10 | 3.11.10 |
| moodle/moodle | composer | >= 4.0, < 4.0.4 | 4.0.4 |

The vulnerability exists in the admin user browsing interface, which typically queries the database for user records. Moodle's user management functions (such as `get_users`) often handle filter parameters supplied through admin inputs. Given the SQL injection (CWE-89) pattern and the context of a filtered user listing, the most probable vulnerable function is the SQL query builder in the admin user management code, which processes unsanitized inputs. The 'limited' risk rating suggests that exploitation requires admin privileges, while the underlying flaw is direct interpolation of input into SQL strings.