12 matches found
ROS-20250822-06
Vulnerability in Moodle virtual learning environment related to user session hijacking via the sesskey. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data...
Session Fixation
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Session Fixation via the sesskey parameter. An attacker can gain unauthorized access to another user's session by obtaining and reusing the sesskey within the OAuth2 login flow, resulting in the...
UBUNTU-CVE-2025-53021
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...
Moodle Authorization Issue Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. An authorization issue vulnerability exists in Moodle versions 3.x through 3.11.18, which stems from a session fixation...
CVE-2025-53021
CVE-2025-53021 describes a session fixation flaw in Moodle 3.x up to 3.11.18. The vulnerability allows unauthenticated attackers to hijack a victim’s session by abusing the sesskey parameter within the OAuth2 login flow, causing the victim’s account to be linked to the attacker. Root cause identi...
Moodle Authenticated Spelling Binary RCE
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
PT-2019-11610 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7.1; Moodle versions prior to 3.6.5; Moodle versions prior to 3.5.7. Description: A flaw was found in the XML loading/unloading admin tool where a sesskey CSRF token was not being utilized. Recommendations: For version...
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting. Vendor: Moodle Pty Ltd. Product web page: https://www.moodle.org. Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9. Summary: Moodle is a learning platform designed to provide educators, administrators and learners with a single...
Moodle Remote Command Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit4 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp...
Moodle Remote Command Execution Vulnerability
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Moodle Remote Command Execution
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Moodle Remote Command Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit4 'Moodle Remote Command Execution', 'Description' = %q Moodle allows an authenticated user to define spellchec...