Lucene search
K

5 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/10/15 6:49 p.m.54 views

Metasploit Wrap-Up

An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...

9CVSS9.2AI score0.24173EPSS
Exploits19
0day.today
0day.today
added 2021/10/13 12:0 a.m.1473 views

Moodle Admin Shell Upload Exploit

This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this...

0.3AI score
Exploits3
Circl
Circl
added 2021/10/11 10:36 p.m.10 views

CVE-2019-11631

creationtimestamp| type| source ---|---|--- 2021-10-11 22:36:30+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodleadminshellupload.rb 2021-10-13 01:51:36+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/865 2025-02-06...

8.6AI score
Exploits3References2
CVE
CVE
added 2019/05/01 2:52 a.m.111 views

CVE-2019-11631

CVE-2019-11631 is withdrawn; the Initial Description states it was rejected and not a security issue. Connected sources reference a Moodle Admin Shell Upload Metasploit module that claims to exploit CVE-2019-11631 (admin credentials required) and list Moodle version testing ranges, but the CVE it...

9.1AI score
Exploits3
Cvelist
Cvelist
added 2019/05/01 2:52 a.m.28 views

CVE-2019-11631

...

Exploits3
Rows per page
Query Builder