Published: 06/03/2023 Updated: 13/03/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle

CVE-2021-36394-Pre-Auth-RCE-in-Moodle Vulnerability Introduction Moodle is the most popular learning management system in the world Start creating your eLearning website in minutes! An unauthorized remote code execution vulnerability exists in the Shibboleth authentication module of Moodle This is widely used in universities to allow students from one university to authentica

CVE-2021-36394 Update table or Change password Admin: Custom Code $newpassword = "Accounttakedover123"; Then Execute: $ CVE2021-36394php victim/path_to_moodle Execute function Custom Code $function = "header"; $param = "Hacked: by0d0ff9"; Then Execute: $ CVE2021-36394_RCEphp victim/path_to_moodle Demo: wwwyoutubecom/watch

US govt: Here are another 15 security bugs under attack right now

The Register • Gareth Corfield • 01 Jan 1970

Get our weekly newsletter Best plug HiveNightmare if you haven't already, unless you like new admins

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue. Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency (CISA) now maintains a public list of vulnerabilities that are, or have been, actively exploited. These latest additions to the database include CVEs as old as 2017 and affecting products from M...

CVE-2021-36394

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect