CVE-2023-28329

CVE-2023-28329: Moodle: authenticated sql injection via availability check

Weakness CWE-89 · SQLi
Published March 23, 2023
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Key dates

02Disclosure timeline

March 23, 2023 CVE published
August 2, 2024 Record updated