MSA-22-0001: SQL injection risk in code fetching h5p activity user attempts

by Michael Hawkins.  

An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.


Severity/Risk:Serious
Versions affected:3.11 to 3.11.4
Versions fixed:3.11.5
Reported by:Paul Holden
CVE identifier:CVE-2022-0332
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72573
Tracker issue:MDL-72573 SQL injection risk in code fetching h5p activity user attempts

Read more https://moodle.org/mod/forum/discuss.php?d=431099&parent=1734813