CVE-2025-26533

An SQL injection risk was identified in the module list filter within course search.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271	Patch
https://moodle.org/mod/forum/discuss.php?d=466150	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

06 Aug 2025, 23:57

Type	Values Removed	Values Added
References	~~() http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271 -~~	() http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271 - Patch
References	~~() https://moodle.org/mod/forum/discuss.php?d=466150 -~~	() https://moodle.org/mod/forum/discuss.php?d=466150 - Vendor Advisory
First Time		Moodle Moodle moodle
Summary		(es) Se identificó un riesgo de inyección SQL en el filtro de la lista de módulos dentro de la búsqueda de cursos.
CPE		cpe:2.3:a:moodle:moodle::::::::

24 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-24 21:15

Updated : 2025-08-06 23:57

NVD link : CVE-2025-26533

Mitre link : CVE-2025-26533

CVE.ORG link : CVE-2025-26533

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-26533", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-24T21:15:11.057", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271", "tags": ["Patch"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=466150", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An SQL injection risk was identified in the module list filter within course search."}, {"lang": "es", "value": " Se identific\u00f3 un riesgo de inyecci\u00f3n SQL en el filtro de la lista de m\u00f3dulos dentro de la b\u00fasqueda de cursos."}], "lastModified": "2025-08-06T23:57:20.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE6D6ED-55D3-46B4-84DC-7C3684E3260E", "versionEndExcluding": "4.1.16", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DF83192-5999-4E1B-B109-A1B0F68437B2", "versionEndExcluding": "4.3.10", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B91CC5BB-FFB9-4D09-9001-105A8B68208E", "versionEndExcluding": "4.4.6", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830F7FD6-3257-44A2-9599-2C5C2FF2BA20", "versionEndExcluding": "4.5.2", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}