Moodle versions 39, 38 to 383, 37 to 376, 35 to 3512, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution A bug in the privileges system allows a teacher to add themselves as a manager to their own class They can then add any other users, and thus look to add someone with manager privileges on ...
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
CVE-2020-14321
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
Maybe someone needs Python script, therefore, I have written it to exploit
How to use this PoC:
How to use this PoC script
Case 1 If you have vaid credentials:
python3 cve202014321py -u testlocal:8080 -u teacher -p 1234 -cmd=dir
Case 2 If you have val
Python script to exploit CVE-2020-14321 - Moodle 3.9 - Course enrollments allowed privilege escalation from teacher role into manager role to RCE.
Python script to exploit CVE-2020-14321 - Moodle 39
Course enrolments allowed privilege escalation from teacher role into manager role to RCE
Teachers of a course were able to assign themselves the manager role within that course
Payload extracted from: githubcom/HoangKien1020/CVE-2020-14321
Usage
If you have valid teacher credentials (InReaLife this has not been