6 matches found
OpenEDX Ironwood 2.5 CVE-2020-13144 - Remote Code Execution
OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability. Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link:...
OpenEDX platform Ironwood 2.5 - Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian...
OpenEDX platform Ironwood 2.5 - Remote Code Execution
Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...
OpenEDX Ironwood 2.5 Remote Code Execution
Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New courseNew sectionNew subsectionNew unitAdd new componentProblem buttonAdvanced tabCustom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code...
CVE-2020-13144
CVE-2020-13144 affects Open edX Ironwood 2.5 Studio. When CodeJail is not enforced, an authenticated user can navigate to Create New course > New section > New subsection > New unit > Add new component > Problem > Advanced > Custom Python evaluated code, edit a problem and ex...