A critical vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The issue is a SQL injection vulnerability, which allows an attacker to execute PHP code on the victim’s server.
The vulnerability will affect almost all Moodle versions, including 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions.
- All Moodle administrators should apply the security patch available here: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
- If you have any further questions, contact firstname.lastname@example.org