What the vulnerability does

01Description

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

Key dates

02Disclosure timeline

March 25, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE