Since long before the pandemic, teleeducation platforms have proliferated. The one that stands out the most in terms of use is Moodle, Open Source. This platform is used by a multitude of institutions and companies.

The latest vulnerability discovered is located in a function that allows the creation of medals to be awarded to students and could leak sensitive information from the database.

This vulnerability can be exploited using second-order SQL injections, in which malicious SQL queries are stored. Fortunately, This vulnerability is complex to exploit as you need to be registered with a teacher role to access the vulnerable component.

To date, the Moodle development team has not been notified by the usual notification channels, So so far the vulnerability has not been fixed.

Fountain: Segu-Info

Image: Pixabay


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »