CVE-2025-26533: Moodle has a SQL injection risk in course search module list filter

CVSS Score: 8.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.22176%
Published: 2/24/2025
Updated: 2/24/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name  | Ecosystem | Vulnerable Versions     | First Patched Version
moodle/moodle | composer  | >= 4.5.0-beta, < 4.5.2  | 4.5.2
moodle/moodle | composer  | >= 4.4.0-beta, < 4.4.6  | 4.4.6
moodle/moodle | composer  | >= 4.3.0-beta, < 4.3.10 | 4.3.10
moodle/moodle | composer  | < 4.1.16                | 4.1.16

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The commit MDL-84271 specifically mentions adding validation for the module list in course search. This indicates that the vulnerability existed in code that processes module filter parameters for SQL queries. The core_course component's search functionality would handle these filters, and the lack of validation in its query-building functions would expose SQL injection. While the exact pre-patch code is not available, the pattern matches common SQL injection vectors in search filters that build dynamic IN() clauses from user input.

WAF Protection Rules

WAF Rule

An SQL injection risk was identified in the module list filter within course search.
