Published on February 27th, 2019
Hacking Moodle and gaining Remote Code Execution on its server
Exploiting Moodle (open-source e-learning software) to gain remote code execution, that is, the ability to execute arbitrary commands on the server (the operating system that Moodle is running on).
Attack Summary:
By using a crafted math formula, an attacker can execute malicious commands on the server. The attacker must be assigned the teacher role in a course.
Vulnerability Description:
A teacher creating a Calculated question can intentionally cause remote code execution on the server.
More information about the vulnerability:
CVE identifier: CVE-2018-1133
Severity/Risk: Serious
Versions affected: 3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed: 3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
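A version triage check built from the affected and fixed versions listed above, as an added example that is not part of the original post. The function names and the sample inventory (hostnames, release strings) are constructed for illustration, and branches newer than 3.5 are assumed to carry the fix.

```python
import re

# First fixed patch release per branch, from the "Versions fixed" line above.
FIRST_FIXED = {(3, 1): 12, (3, 2): 9, (3, 3): 6, (3, 4): 3}
# 3.5 is listed as fixed; later branches are assumed to include the fix.
FIXED_FROM = (3, 5)


def parse_release(release):
    """Extract (major, minor, patch) from a release string such as
    '3.4.2+ (Build: 20180319)'. A missing patch level counts as 0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised Moodle release string: %r" % release)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def cve_2018_1133_status(release):
    """Return 'affected' or 'fixed' for CVE-2018-1133."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch >= FIXED_FROM:
        return "fixed"
    if branch in FIRST_FIXED:
        # A '+' weekly-build suffix is ignored, so 3.4.2+ is treated as 3.4.2.
        return "fixed" if patch >= FIRST_FIXED[branch] else "affected"
    # Anything older than 3.1 is an "earlier unsupported version".
    return "affected"


def affected_hosts(inventory):
    """Return the sorted hostnames whose Moodle release is affected."""
    return sorted(h for h, rel in inventory.items()
                  if cve_2018_1133_status(rel) == "affected")


# Constructed sample inventory: hostname -> reported Moodle release string.
SAMPLE_INVENTORY = {
    "lms-a.example.org": "3.4.2+ (Build: 20180319)",
    "lms-b.example.org": "3.4.3",
    "lms-c.example.org": "3.1.11",
    "lms-d.example.org": "2.9.9",
    "lms-e.example.org": "3.5",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, "needs an upgrade:", SAMPLE_INVENTORY[host])
```

Because exploitation requires the teacher role, reviewing who holds that role on any host reported as affected is a sensible stopgap until it is upgraded.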