Lucene search
+L

9 matches found

OpenVAS
OpenVAS
added 2023/10/25 12:0 a.m.29 views

Moodle 3.10.x <= 3.10.11 Multiple Vulnerabilities

Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...

9.1CVSS6.5AI score0.24173EPSS
Exploits9References3
Rapid7 Blog
Rapid7 Blog
added 2021/10/15 6:49 p.m.55 views

Metasploit Wrap-Up

An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...

9CVSS9.2AI score0.24173EPSS
Exploits19
0day.today
0day.today
added 2021/10/13 12:0 a.m.1145 views

Moodle SpellChecker Path Authenticated Remote Command Execution Exploit

Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Mood...

9.1CVSS0.9AI score0.42566EPSS
Exploits11
Metasploit
Metasploit
added 2021/10/12 5:42 p.m.227 views

Moodle SpellChecker Path Authenticated Remote Command Execution

Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version...

9.1CVSS8.4AI score0.42566EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/10/12 12:0 a.m.349 views

Moodle SpellChecker Path Authenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle SpellChecker Path Authenticated Remote Command Execution', 'Description' = %q Moodle allows an authenticated administrator to define...

9.1CVSS0.5AI score0.42566EPSS
Exploits11
Check Point Advisories
Check Point Advisories
added 2021/07/26 12:0 a.m.57 views

Moodle Command Injection (CVE-2021-21809)

A command injection vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.9AI score0.24173EPSS
Exploits7
Circl
Circl
added 2021/06/24 2:17 a.m.24 views

CVE-2021-21809

creationtimestamp| type| source ---|---|--- 2021-06-24 02:17:50+00:00| seen| https://t.me/cibsecurity/25663 2021-10-11 22:36:30+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodlespellingpathrce.rb 2021-10-13 01:55:36+00:00| seen|...

9.1CVSS7.8AI score0.24173EPSS
Exploits7References4
OSV
OSV
added 2021/06/23 10:15 p.m.4 views

UBUNTU-CVE-2021-21809

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities...

9.1CVSS7.4AI score0.24173EPSS
Exploits7References3
CVE
CVE
added 2021/06/23 9:25 p.m.186 views

CVE-2021-21809

CVE-2021-21809 affects Moodle 3.10’s default legacy spellchecker plugin. A specially crafted sequence of HTTP requests can cause remote command execution, with exploitation requiring administrator privileges. Multiple feeds (NVD/NIST, CIRCL, and Nessus plugins) corroborate a command-injection/rem...

9.1CVSS9.1AI score0.24173EPSS
Exploits7References2Affected Software1
Rows per page
Query Builder