GHSA-mqw9-3cjm-xwp3

GitHub Security Advisory

Moodle Minor SQL injection risk in admin user browsing

✓ GitHub Reviewed CRITICAL Has CVE

A limited SQL injection risk was identified in the "browse list of users" site administration page.

Packagist moodle/moodle

Affected versions: 3.9 (fixed in 3.9.17)

Packagist moodle/moodle

Affected versions: 3.11 (fixed in 3.11.10)

Packagist moodle/moodle

Affected versions: 4.0 (fixed in 4.0.4)

CVE-2022-40315

GHSA ID

GHSA-mqw9-3cjm-xwp3

Published

October 1, 2022 12:00 AM

Last Modified

April 23, 2024 11:43 PM

CVSS Score

9.0 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.