CVSS Score: -

The vulnerability exists in Moodle's XMLDB editor, which administrators use to modify the database schema. The analysis focuses on the components that handle user-controlled parameters for database operations. The edit_table_save action is a prime candidate because it processes structural changes, while the xmldb_field class constructor likely handles user-supplied field definitions. SQL injection would occur if these components interpolate user input directly into DDL statements without proper validation: table and column names cannot be bound as query parameters, so the protection has to come from checking each identifier against the allowed character set before it is placed in the statement. Confidence is medium, based on typical XMLDB editor architecture patterns; the exact vulnerable code paths cannot be verified without the patch diffs.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 4.1.12 | 4.1.12 |
| moodle/moodle | composer | >= 4.2.0-beta, < 4.2.9 | 4.2.9 |
| moodle/moodle | composer | >= 4.3.0-beta, < 4.3.6 | 4.3.6 |
| moodle/moodle | composer | >= 4.4.0-beta, < 4.4.2 | 4.4.2 |