CVE-2020-14321

Vulnerability Summary

Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to chain exploits into remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add someone with manager privileges on the system (not just the class). After adding a system manager, the loginas feature is used to access their account. Next, the system is reconfigured to allow all users to install an addon/plugin. Then a malicious theme is uploaded, which creates an RCE. If all of that succeeds, we revert permissions for managers to the system default and remove our malicious theme. Manual cleanup to remove students from the class is required. This Metasploit module was tested against Moodle version 3.9.


Mailing Lists

Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add someone with manager privileges on ...
Moodle version 3.9 authenticated remote code execution exploit ...

Github Repositories

Course enrolments allowed privilege escalation from teacher role into manager role to RCE

CVE-2020-14321: Course enrolments allowed privilege escalation from teacher role into manager role to RCE. Video PoC: vimeo.com/441698193. My blog about PoC: hocvahocme/indexphp/2020/07/25/tu-quyen-teacher-len-rce-nhu-the-nao-trong-moodlecve-2020-14321/. Source: moodle.org/mod/forum/discuss.php?d=407393. Link to Download rce.zip: github.com/HoangKien102

Python script to exploit CVE-2020-14321 - Moodle 3.9. Course enrolments allowed privilege escalation from teacher role into manager role to RCE. Teachers of a course were able to assign themselves the manager role within that course. Payload extracted from: github.com/HoangKien1020/CVE-2020-14321. Usage: If you have valid teacher credentials (InReaLife this has not been

Python script to exploit CVE-2020-14321 - Course enrolments allowed privilege escalation from teacher role into manager role to RCE. Teachers of a course were able to assign themselves the manager role within that course. Payload extracted from: github.com/HoangKien1020/CVE-2020-14321. Usage: ❭ python3 CVE-2020-14321_RCE.py -h

Moodle_39_RCE_AutoPwn: AutoPwn Script for Moodle 3.9 leveraging CVE-2020-20282, CVE-2020-14320, CVE-2020-14321. asciinema.org/a/417517

Title Solution to the Python reverse encryption script that is provided in the Bold: Italic Title 2 sample code Alen & Mitch’s Hack E’Spezialle Essential Gadget Collection: Legion - Nmap but through GUI Dirsearch - Directory discovery tool Gobuster -Directory/Sub-domain and DNS Discovery Tool wwwhackingarticle

PoC in GitHub 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC auto collect from GitHub.

PoC in GitHub 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

PoC in GitHub 2020. CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android