CVE-2021-32474: 
PHP vulnerability analysis and mitigation

CVE-2021-32474 is a SQL injection vulnerability that affected Moodle installations with MNet (Moodle Network) enabled and configured. The vulnerability was discovered in May 2021 and affected multiple versions of Moodle including 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17, and earlier unsupported versions. The vulnerability could be exploited through an XML-RPC call from a connected peer host, though it required either site administrator access or access to the keypair (Moodle Forum).

The vulnerability is classified as CWE-89 (SQL Injection) and was rated as 'Serious' in severity. The issue specifically involved a blind SQL injection vulnerability that could be triggered through MNet authentication mechanisms (Moodle Forum).

The vulnerability could potentially allow an attacker with appropriate access to perform SQL injection attacks against the Moodle database through MNet authentication mechanisms. However, the impact was limited by the requirement of having either site administrator access or access to the keypair (Moodle Forum).

The vulnerability was fixed in Moodle versions 3.11, 3.10.4, 3.9.7, 3.8.9, and 3.5.18. Users of affected versions should upgrade to these patched versions to mitigate the vulnerability (Moodle Forum).