CVE-2025-2199 Information

Description

SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’ ‘searchSpecialitiesPending’ ‘searchSpecialitiesLinked’ ‘searchUsersToUpdateProfile’ ‘training_action_data’ ‘showContinuingTrainingCourses’ and ‘showUsersToEdit’ in /local/administration/ajax.php.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins