Known Vulnerabilities
CVE-2022-40316
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
UNKNOWN
CVSS 4.3
Published Sep 30, 2022
CVE-2022-40315
A limited SQL injection risk was identified in the "browse list of users" site administration page.
UNKNOWN
CVSS 9.8
Published Sep 30, 2022
CVE-2022-40313
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
UNKNOWN
CVSS 7.1
Published Sep 30, 2022
CVE-2022-40314
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
UNKNOWN
CVSS 9.8
Published Sep 30, 2022