MSA-22-0005: SQL injection risk in Badges criteria code
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
NOTE: Please pay particular attention to this fix. Information was recently released online about this vulnerability by third parties, so please upgrade or...