Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2018-1133

Published: 25/05/2018 Updated: 24/08/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Moodle

Vulnerability Summary

An issue exists in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

moodle moodle

Exploits

Exploit DB: Moodle 3.4.1 - Remote Code Execution
<?php /** * Exploit Title: Moodle v341 RCE Exploit * Google Dork: inurl:"/course/jumptophp?jump=" * Date: 15 March 2019 * Exploit Author: Darryn Ten * Vendor Homepage: moodleorg * Software Link: githubcom/moodle/moodle/archive/v341zip * Version: 341 (Possibly < 350 and maybe even 3x) * Tested on: Linux wit ...
Exploit DB: Moodle 3.4.1 Remote Code Execution
Moodle version 341 remote code execution exploit ...

Github Repositories

https://github.com/jebidiah-anthony/htb_teacher

HTB Teacher (10.10.10.153)

HTB Teacher (101010153) Write-up PART 1 : Initial Recon nmap --min-rate 1000 -p- -v 101010153 PORT STATE SERVICE 80/tcp open http nmap -oN teachernmap -p 80 -sC -sV -v 101010153 PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2425 (

https://github.com/darrynten/MoodleExploit

Noodle [Moodle RCE] (v3.4.1) - CVE-2018-1133

Moodle Exploit Exploit Title: Moodle v341 RCE Exploit Google Dork: inurl:"/course/jumptophp?jump=" Date: 15 March 2019 Exploit Author: Darryn Ten Vendor Homepage: moodleorg Software Link: githubcom/moodle/moodle/archive/v341zip Version: 341 (Possibly < 350 and maybe even 3x) Tested on: Linux with Moodle v341 CVE : CVE-2018-1133

https://github.com/That-Guy-Steve/CVE-2018-1133-Exploit

CVE-2018-1133-Exploit This repository contains a python exploit script for the Moodle Evil Teacher exploit (CVE-2018-1133) Usage usage: Moodle Evil Teacher Exploit [-h] -u URL -l LOGIN -p PASSWORD -c COMMAND [-P PROXY] options: -h, --help show this help message and exit -u URL, --url URL Target URL -l LOGIN, --login LOGIN Login use

https://github.com/ra1nb0rn/search_vulns

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

search_vulns Search for known vulnerabilities in software using software titles or a CPE 23 string About search_vulns can be used to search for known vulnerabilities in software To achieve this, the tool utilizes a locally built vulnerability database, currently containing CVE information from the National Vulnerability Database (NVD) and exploit information from the Exploit

References

CWE-94https://moodle.org/mod/forum/discuss.php?d=371199http://www.securityfocus.com/bid/104307https://www.exploit-db.com/exploits/46551/https://nvd.nist.govhttps://www.exploit-db.com/exploits/46551https://github.com/jebidiah-anthony/htb_teacher
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook