Severity/Risk: 	Serious
Versions affected: 	4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 	4.0.4, 3.11.10 and 3.9.17
Reported by: 	Paul Holden
CVE identifier: 	CVE-2022-40314
Changes (master): 	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405
Tracker issue: 	MDL-75405 Remote code execution risk when restoring malformed backup file from Moodle 1.9