
CVE-2021-21809

Published: 23/06/2021 Updated: 24/08/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability.

Vulnerable Product

moodle moodle 3.10.0

Exploits

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking request ...

Github Repositories

CVE-2021-21809 POC

CVE details: A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. In the below video, I'm going to gain access to Golden Eye 1 OSCP Lab by exploiting this