SQL Injection Vulnerability in Moodle's H5P Activity Web Service
CVE-2022-0332 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.