SQL Injection Vulnerability in MNet-enabled Moodle Sites via XML-RPC Call

SQL Injection Vulnerability in MNet-enabled Moodle Sites via XML-RPC Call

CVE-2021-32474 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.