9 matches found
Moodle 3.10.x <= 3.10.11 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
Metasploit Wrap-Up
An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...
Moodle SpellChecker Path Authenticated Remote Command Execution Exploit
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Mood...
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version...
Moodle SpellChecker Path Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle SpellChecker Path Authenticated Remote Command Execution', 'Description' = %q Moodle allows an authenticated administrator to define...
Moodle Command Injection (CVE-2021-21809)
A command injection vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-21809
creationtimestamp| type| source ---|---|--- 2021-06-24 02:17:50+00:00| seen| https://t.me/cibsecurity/25663 2021-10-11 22:36:30+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodlespellingpathrce.rb 2021-10-13 01:55:36+00:00| seen|...
UBUNTU-CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities...
CVE-2021-21809
CVE-2021-21809 affects Moodle 3.10’s default legacy spellchecker plugin. A specially crafted sequence of HTTP requests can cause remote command execution, with exploitation requiring administrator privileges. Multiple feeds (NVD/NIST, CIRCL, and Nessus plugins) corroborate a command-injection/rem...