CVE-2021-32474 - AskarLabs CVE Database

CVE-2021-32474

Vendor N/A

Product moodle

Weakness CWE-89 · SQLi

Published March 11, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Key dates

02Disclosure timeline

March 11, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-32474

Related vulnerabilities

04Related CVE

CVE-2025-62849 QTS, QuTS hero CVE-2024-7101 ForIP Tecnologia Administração PABX Authentication Form login sql injection CVE-2025-0541 Codezips Gym Management System edit_member.php sql injection CVE-2024-55984 WordPress Saksh Escrow System plugin <= 2.4 - SQL Injection vulnerability CVE-2022-2745 SourceCodester Gym Management System Add New Trainer add_trainers.php sql injection