-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe commit MDL-84271 specifically mentions adding validation for the module list in course search. This indicates the vulnerability existed in code that processes module filter parameters for SQL queries. The core_course component's search functionality would handle these filters, and the lack of validation in query-building functions would expose SQL injection. While exact pre-patch code isn't available, the pattern matches common SQL injection vectors in search filters using dynamic IN() clauses with user input.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.5.0-beta, < 4.5.2 | 4.5.2 |
| moodle/moodle | composer | >= 4.4.0-beta, < 4.4.6 | 4.4.6 |
| moodle/moodle | composer | >= 4.3.0-beta, < 4.3.10 | 4.3.10 |
| moodle/moodle | composer | < 4.1.16 | 4.1.16 |