Moodle versions 39, 38 to 383, 37 to 376, 35 to 3512, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution A bug in the privileges system allows a teacher to add themselves as a manager to their own class They can then add any other users, and thus look to add someone with manager privileges on ...
Python script to exploit CVE-2020-14321 - Moodle 3.9 - Course enrollments allowed privilege escalation from teacher role into manager role to RCE.
Python script to exploit CVE-2020-14321 - Moodle 39
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
Teachers of a course were able to assign themselves the manager role within that course
Payload extracted from: githubcom/HoangKien1020/CVE-2020-14321
Usage
If you have valid teacher credentials (InReaLife this has not been
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
CVE-2020-14321
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
Maybe someone needs Python script, therefore, I have written it to exploit
How to use this PoC:
How to use this PoC script
Case 1 If you have vaid credentials:
python3 cve202014321py -u testlocal:8080 -u teacher -p 1234 -cmd=dir
Case 2 If you have val