|Release Date:||2014-05-08 (Last update can be found below the document title)|
|Description:||SQL Sanitization Vulnerability|
|Criticality Level:||Highly Critical (Less Critical < Critical < Moderately Critical < Highly Critical)|
|Authentication Level:||Logged-in Canvas admins and instructors|
|Systems Affected:||Canvas LMS|
|Discovered By:||Instructure Internal Audit|
A security audit has identified a SQL injection attack vector in the course import functionality, which is available to account admins and instructors.
A fix has been developed and deployed to Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.