Primary

Context

Moodle Innovación y Cualificación Local Administration Plugin SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Innovación y Cualificación local administration plugin, specifically in the ajax.php file. This vulnerability allows attackers to obtain, update, and delete data from the database by injecting SQL queries through various parameters in the ajax.php endpoint.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could lead to unauthorized data access, data modification, or deletion.

Remediation

A new version has been released that addresses the vulnerabilities in the affected plugins. This update has been implemented in all installations of the affected software, with the process expected to be completed by December 2024.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moodle Innovación y Cualificación Local Administration Plugin SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating