Tele-education platforms were proliferating long before the pandemic. The one that stands out most in terms of use is Moodle, which is open source. This platform is used by a multitude of institutions and companies.
The latest vulnerability discovered is located in a function that allows the creation of medals to be awarded to students, and it could leak sensitive information from the database.
This vulnerability can be exploited using second-order SQL injection, in which malicious SQL queries are stored. Fortunately, the vulnerability is complex to exploit, as you need to be registered with a teacher role to access the vulnerable component.
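The second-order pattern in general terms, as an added example that is not Moodle's code and does not reproduce the affected function: a value is stored safely, then trusted when it is read back and concatenated into a later query. The schema, function names and sample value are all constructed for illustration, and the parameterized version shows the fix.

```python
import sqlite3

def setup():
    # Constructed in-memory schema; not Moodle's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE badge (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE award (badge_name TEXT, student TEXT);
        CREATE TABLE secret (value TEXT);
        INSERT INTO award VALUES ('Top scorer', 'alice');
        INSERT INTO secret VALUES ('db-only-value');
    """)
    return db

def create_badge(db, name):
    # Step 1 is safe on its own: the name is bound as a parameter
    # and stored verbatim, quotes included.
    return db.execute("INSERT INTO badge (name) VALUES (?)", (name,)).lastrowid

def stored_name(db, badge_id):
    row = db.execute("SELECT name FROM badge WHERE id = ?", (badge_id,)).fetchone()
    return row[0]

def recipients_vulnerable(db, badge_id):
    # Step 2 is the flaw: data read back from the database is treated as
    # trusted and concatenated into a new statement.
    sql = ("SELECT student FROM award WHERE badge_name = '"
           + stored_name(db, badge_id) + "'")
    return [r[0] for r in db.execute(sql)]

def recipients_fixed(db, badge_id):
    # Fix: bind stored values exactly like fresh user input.
    sql = "SELECT student FROM award WHERE badge_name = ?"
    return [r[0] for r in db.execute(sql, (stored_name(db, badge_id),))]

# Constructed sample value for the demonstration.
CONSTRUCTED_NAME = "x' UNION SELECT value FROM secret --"

def demo():
    db = setup()
    normal_id = create_badge(db, "Top scorer")
    crafted_id = create_badge(db, CONSTRUCTED_NAME)
    return {
        "normal": recipients_vulnerable(db, normal_id),
        "vulnerable": recipients_vulnerable(db, crafted_id),
        "fixed": recipients_fixed(db, crafted_id),
    }

if __name__ == "__main__":
    print(demo())
```

Input validation at the point of storage does not help here, because the insert itself is already safe; the review target is every query that reuses stored values.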
To date, the Moodle development team has not been notified through the usual notification channels, so the vulnerability has not yet been fixed.
Source: Segu-Info
Image: Pixabay
