IcProgreso Innovación y Cualificación Plugin SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the IcProgreso Innovación y Cualificación plugin for Moodle. This vulnerability allows attackers to obtain, update, and delete data from the database by injecting SQL queries through specific parameters in the endpoint '/report/icprogreso/generar_blocks.php'.
Impact
Exploitation of this vulnerability allows for unauthorized database access, enabling attackers to manipulate data by injecting malicious SQL queries, potentially leading to data loss or corruption.
Remediation
A new version has been released that addresses the vulnerabilities in the affected plugins. This update has been implemented in all installations of the affected software, with the process expected to be completed by December 2024.
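To check whether the endpoint was probed before the update reached an installation, the following added example (not part of the original advisory or of the plugin's code) scans web-server access logs for requests to '/report/icprogreso/generar_blocks.php' whose query parameters contain SQL syntax. The advisory does not name the affected parameters, so the parameter name `id` and the log lines are constructed for illustration, and the pattern is a triage heuristic rather than proof of exploitation.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint named in the advisory; endswith() below tolerates a Moodle sub-path.
ENDPOINT = "/report/icprogreso/generar_blocks.php"

# Heuristic: quote characters, SQL comment openers, or SQL keywords in a decoded value.
SQL_MARKERS = re.compile(
    r"['\"]|--|/\*|\b(?:union|select|insert|update|delete|drop|sleep|benchmark)\b",
    re.IGNORECASE,
)

# Common/combined access-log format: client, timestamp, method, target, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical parameter "id").
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Nov/2024:10:01:22 +0000] "GET /report/icprogreso/generar_blocks.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Nov/2024:10:03:09 +0000] "GET /report/icprogreso/generar_blocks.php?id=42%27%20UNION%20SELECT%201--%20- HTTP/1.1" 200 7340',
    '192.0.2.10 - - [12/Nov/2024:10:04:51 +0000] "GET /course/view.php?id=7%27 HTTP/1.1" 200 900',
]


def suspicious_requests(lines):
    """Return (client, timestamp, parameter, decoded value) for flagged requests."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # not an access-log line in the expected format
        client, timestamp, _method, target, _status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue  # only the endpoint from the advisory is in scope
        # parse_qsl percent-decodes values, so encoded quotes are caught too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_MARKERS.search(value):
                hits.append((client, timestamp, name, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so parameters sent in a POST body need application or WAF logging to be reviewed the same way.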
