An issue exists in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
HTB Teacher (10.10.10.153) Write-up
PART 1: Initial Recon
nmap --min-rate 1000 -p- -v 10.10.10.153
PORT STATE SERVICE
80/tcp open http
nmap -oN teachernmap -p 80 -sC -sV -v 10.10.10.153
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 (
Search for known vulnerabilities in software using software titles or a CPE 2.3 string
search_vulns
About
search_vulns can be used to search for known vulnerabilities in software. To achieve this, the tool utilizes a locally built vulnerability database, currently containing CVE information from the National Vulnerability Database (NVD) and exploit information from the Exploit