CVE-2023-35132
Medium
Published: 22 June 2023
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0026 (49.3rd percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2023-35132 is a medium-severity SQL Injection (CWE-89) vulnerability in Moodle. Its CVSS base score is 6.3 (Medium).
Operationally, it is ranked at the 49.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-1683
Vulnerability details
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
- CWE(s): CWE-89 (SQL Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
moodle
moodle
4.2.0 · ≤ 3.9.22 · 3.11.0 — 3.11.15 · 4.0.0 — 4.0.9
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.