CVE-2021-36392: 
PHP vulnerability analysis and mitigation

CVE-2021-36392 is a SQL injection vulnerability discovered in Moodle's library functionality that fetches a user's enrolled courses. The vulnerability was identified and disclosed in July 2021, affecting Moodle versions 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7, and earlier unsupported versions (Moodle Forum).

The vulnerability is classified as a SQL injection (CWE-89) with a CVSS v3.1 base score of 9.8 (CRITICAL), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The SQL injection vulnerability could allow attackers to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access to sensitive data, modification of database contents, or compromise of the entire Moodle installation (Rapid7).

Moodle has released fixed versions to address this vulnerability: 3.11.1, 3.10.5, and 3.9.8. Users are strongly advised to upgrade to these patched versions to mitigate the risk (Moodle Forum).