Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-14321

🗓️ 16 Aug 2022 00:00:00Reported by redhatType 
cve
 cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 112 Views🌐 WEB

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers assigned themselves manager rol

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Moodle 3.9 - Remote Code Execution (Authenticated) Exploit
5 Aug 202100:00
zdt
0day.today		Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution Exploit
13 Oct 202100:00
zdt
GithubExploit		Exploit for Incorrect Authorization in Moodle
28 Apr 202119:46
githubexploit
GithubExploit		Exploit for Incorrect Authorization in Moodle
26 Jul 202001:28
githubexploit
Circl		CVE-2020-14321
5 Aug 202108:06
circl
CNVD		Moodle Permission License and Access Control Issues Vulnerability
11 Aug 202000:00
cnvd
Cvelist		CVE-2020-14321
16 Aug 202200:00
cvelist
Exploit DB		Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
5 Aug 202100:00
exploitdb
Github Security Blog		Moodle Incorrect Authorization vulnerability
17 Aug 202200:00
github
Metasploit		Moodle Teacher Enrollment Privilege Escalation to RCE
12 Oct 202117:42
metasploit
Rows per page
NVD
Vulners
Node
moodlemoodleRange3.5.03.5.13
OR
moodlemoodleRange3.7.03.7.7
OR
moodlemoodleRange3.8.03.8.4
OR
moodlemoodleMatch3.9.0-
[
  {
    "vendor": "n/a",
    "product": "Moodle",
    "versions": [
      {
        "version": "Moodle 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
idpathuser/profile.phpUsage to fetch user/course info to enable privilege escalationCWE-863
coursepathuser/profile.phpUsage to fetch user/course info to enable privilege escalationCWE-863
sesskeypathuser/profile.phpUsage to fetch user/course info to enable privilege escalationCWE-863
roleidquery paramuser/index.phpRetrieve course managers to identify potential escalation targetsCWE-863
contextidquery paramuser/index.phpRetrieve course managers to identify potential escalation targetsCWE-863
roleidpathadmin/roles/define.phpDefine/modify manager role permissions to enable elevated accessCWE-863
actionpathadmin/roles/define.phpDefine/modify manager role permissions to enable elevated accessCWE-863
shortnamepathadmin/roles/define.phpDefine/modify manager role permissions to enable elevated accessCWE-863
namepathadmin/roles/define.phpDefine/modify manager role permissions to enable elevated accessCWE-863
descriptionpathadmin/roles/define.phpDefine/modify manager role permissions to enable elevated accessCWE-863
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:03Current
8.4High risk
Vulners AI Score8.4
CVSS 3.18.8
EPSS0.39399
CWE-863
moodlecve-2020-14321security vulnerabilitycourse manager rolenvd
112