CVE-2013-3630

Published: 01/11/2013 Updated: 12/10/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

Moodle up to and including 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Vulnerable Product

moodle moodle 2.5.0

moodle moodle 2.4.1

moodle moodle 2.3.8

moodle moodle 2.3.1

moodle moodle 2.2.9

moodle moodle 2.2.2

moodle moodle 2.2.10

moodle moodle 2.1.7

moodle moodle 2.1.5

moodle moodle 2.0.9

moodle moodle 2.0.7

moodle moodle 2.0.0

moodle moodle 1.9.8

moodle moodle 1.9.3

moodle moodle 1.9.18

moodle moodle 1.9.11

moodle moodle 1.9.1

moodle moodle 1.8.4

moodle moodle 1.8.2

moodle moodle 1.8.10

moodle moodle 1.6.7

moodle moodle 1.6.0

moodle moodle 1.5.2

moodle moodle 1.4.4

moodle moodle 1.4.2

moodle moodle 1.2.1

moodle moodle 1.1.1

moodle moodle 2.3.6

moodle moodle 2.3.5

moodle moodle 2.3.4

moodle moodle 2.3.3

moodle moodle 2.2.1

moodle moodle 2.2.0

moodle moodle 2.1.9

moodle moodle 2.1.8

moodle moodle 2.0.6

moodle moodle 2.0.5

moodle moodle 2.0.4

moodle moodle 2.0.3

moodle moodle 2.0.2

moodle moodle 1.9.16

moodle moodle 1.9.15

moodle moodle 1.9.14

moodle moodle 1.9.13

moodle moodle 1.8.14

moodle moodle 1.8.13

moodle moodle 1.8.12

moodle moodle 1.8.11

moodle moodle 1.6.5

moodle moodle 1.6.4

moodle moodle 1.6.3

moodle moodle 1.6.2

moodle moodle 1.3.4

moodle moodle 1.3.3

moodle moodle 1.3.2

moodle moodle 1.3.1

moodle moodle 2.4.5

moodle moodle 2.4.4

moodle moodle 2.4.3

moodle moodle 2.4.2

moodle moodle 2.2.8

moodle moodle 2.2.7

moodle moodle 2.2.6

moodle moodle 2.2.5

moodle moodle 2.2.4

moodle moodle 2.1.3

moodle moodle 2.1.2

moodle moodle 2.1.10

moodle moodle 2.1.1

moodle moodle 1.9.7

moodle moodle 1.9.6

moodle moodle 1.9.5

moodle moodle 1.9.4

moodle moodle 1.8.9

moodle moodle 1.8.8

moodle moodle 1.8.7

moodle moodle 1.8.6

moodle moodle 1.7.5

moodle moodle 1.7.4

moodle moodle 1.7.3

moodle moodle 1.7.2

moodle moodle 1.5.1

moodle moodle 1.5.0

moodle moodle 1.5

moodle moodle 1.4.5

moodle moodle 2.5.1

moodle moodle 2.4.0

moodle moodle 2.3.7

moodle moodle 2.3.2

moodle moodle 2.3.0

moodle moodle 2.2.3

moodle moodle 2.2.11

moodle moodle 2.1.6

moodle moodle 2.1.4

moodle moodle 2.1.0

moodle moodle 2.0.8

moodle moodle 2.0.1

moodle moodle 1.9.9

moodle moodle 1.9.2

moodle moodle 1.9.17

moodle moodle 1.9.12

moodle moodle 1.9.10

moodle moodle 1.8.5

moodle moodle 1.8.3

moodle moodle 1.8.1

moodle moodle 1.7.6

moodle moodle 1.7.1

moodle moodle 1.6.8

moodle moodle 1.6.6

moodle moodle 1.6.1

moodle moodle 1.5.3

moodle moodle 1.4.3

moodle moodle 1.4.1

moodle moodle 1.3.0

moodle moodle 1.2.0

moodle moodle

Exploits

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rexml/document'

class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::HttpClient

  def initialize(info= ...
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0 ...

Metasploit Modules

Moodle SpellChecker Path Authenticated Remote Command Execution

Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version 3.11.2, 3.10.0, and 3.8.0.

msf > use exploit/multi/http/moodle_spelling_path_rce
msf exploit(moodle_spelling_path_rce) > show targets
    ...targets...
msf exploit(moodle_spelling_path_rce) > set TARGET <target-id>
msf exploit(moodle_spelling_path_rce) > show options
    ...show and set options...
msf exploit(moodle_spelling_path_rce) > exploit