Moodle is vulnerable to SQL injection attacks. The attacks exist because the application does not filter null bytes \0
characters in query strings, leading to SQL statements failing and causing error to the Microsoft SQL driver. This can allow a malicious user to inject and execute SQL queries.