An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Created moodle tracking bugs for this issue:
Affects: epel-7 [bug 2064124]
Affects: fedora-all [bug 2064126]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.