SQL Injection Vulnerability in Moodle's H5P Activity Web Service

CVE-2022-0332 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.