Moodle LMS Vulnerability – March 22, 2017 11:00 PT

A critical vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The issue is a SQL injection vulnerability, which allows an attacker to execute PHP code on the victim’s server.



CVE Number


Impacted Platforms

The vulnerability will affect almost all Moodle versions, including 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions.

Recommended actions

More information