Metasploit modules that can be used to exploit Moodle products

Order by Disclosure Date Module Name Module Type
  • Moodle SpellChecker Path Authenticated Remote Command Execution
    Disclosure Date: 2021-06-22
    First seen: 2022-12-23
    exploit/multi/http/moodle_spelling_path_rce
    Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version 3.11.2, 3.10.0, and 3.8.0. Authors: - Adam Reiser - h00die
  • Moodle Teacher Enrollment Privilege Escalation to RCE
    Disclosure Date: 2020-07-20
    First seen: 2022-12-23
    exploit/multi/http/moodle_teacher_enrollment_priv_esc_to_rce
    Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions allow for a teacher to exploit chain to RCE. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add someone with manager privileges on the system (not just the class). After adding a system manager, a 'loginas' feature is used to access their account. Next the system is reconfigured to allow for all users to install an addon/plugin. Then a malicious theme is uploaded and creates an RCE. If all of that is a success, we revert permissions for managers to system default and remove our malicoius theme. Manual cleanup to remove students from the class is required. This module was tested against Moodle version 3.9 Authors: - HoangKien1020 - lanz - h00die
  • Moodle Authenticated Spelling Binary RCE
    Disclosure Date: 2013-10-30
    First seen: 2022-12-23
    exploit/multi/http/moodle_spelling_binary_rce
    Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3. Authors: - Brandon Perry <bperry.volatile@gmail.com>
  • Moodle Authenticated Spelling Binary RCE
    Disclosure Date: 2013-10-30
    First seen: 2022-12-23
    exploit/multi/http/moodle_spelling_binary_rce
    Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3. Authors: - Brandon Perry <bperry.volatile@gmail.com>
4 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close