SQL Injection Vulnerability found in Moodle e-learning platform that could enable database takeover.

A security vulnerability in the e-learning platform Moodle could allow an attacker to take over a database and potentially obtain sensitive information, researchers have warned.

Moodle is an open-source educational resource that allows institutions to create online learning materials for college students.

Researchers have found that the platform is vulnerable to a second-order SQL injection flaw, which could enable an attacker to take control of a database server.

Teachers can create custom badges for their pupils, which pupils earn by completing tasks such as courses or essays.

When creating these badges, it’s possible for an attacker with teacher status to insert a malicious SQL query into the database.

Later, that data is fetched from the database and injected unsanitized into another query. When the badge is enabled for access by students, the injected SQL query is executed.
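The store-then-reuse pattern described above can be shown on a toy database. This is an added example, not Moodle's code: the schema, the function names and the sample values are all hypothetical and constructed here, using Python's built-in sqlite3 module.

```python
import sqlite3

# Toy schema constructed for this example; names are hypothetical, not Moodle's.
def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE badge (id INTEGER PRIMARY KEY, name TEXT, criteria TEXT);
        CREATE TABLE completion (student TEXT, course TEXT);
        INSERT INTO completion VALUES ('alice', 'math101'), ('bob', 'hist200');
    """)
    return db

def create_badge(db, name, course):
    # First order: a bound parameter stores the text verbatim, so this
    # statement is safe, but whatever the teacher typed is now in the table.
    cur = db.execute("INSERT INTO badge (name, criteria) VALUES (?, ?)",
                     (name, course))
    return cur.lastrowid

def _criteria(db, badge_id):
    row = db.execute("SELECT criteria FROM badge WHERE id = ?",
                     (badge_id,)).fetchone()
    return row[0]

def earners_vulnerable(db, badge_id):
    # Second order (flawed): the stored value is treated as trusted because
    # it came from the database, and is concatenated into a new statement.
    sql = ("SELECT student FROM completion WHERE course = '"
           + _criteria(db, badge_id) + "'")
    return sorted(r[0] for r in db.execute(sql))

def earners_fixed(db, badge_id):
    # Hardened: stored data is bound as a parameter like any other input.
    sql = "SELECT student FROM completion WHERE course = ?"
    return sorted(r[0] for r in db.execute(sql, (_criteria(db, badge_id),)))

if __name__ == "__main__":
    db = setup()
    normal = create_badge(db, "Maths star", "math101")
    # Constructed value containing a quote that changes the later WHERE clause.
    crafted = create_badge(db, "Crafted", "none' OR '1'='1")
    print(earners_vulnerable(db, normal), earners_fixed(db, normal))
    print(earners_vulnerable(db, crafted), earners_fixed(db, crafted))
```

Both functions agree on the ordinary badge; only the concatenating version returns every student for the crafted one, which is why values read back from the database need the same parameter binding as values arriving from a form.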
