module
Moodle SpellChecker Path Authenticated Remote Command Execution
| Disclosed |
|---|
| Jun 22, 2021 |
Disclosed
Jun 22, 2021
Description
Moodle allows an authenticated administrator to define spellcheck settings via the web interface.
An administrator can update the aspell path to include a command injection. This is extremely
similar to CVE-2013-3630, just using a different variable.
This module was tested against Moodle version 3.11.2, 3.10.0, and 3.8.0.
An administrator can update the aspell path to include a command injection. This is extremely
similar to CVE-2013-3630, just using a different variable.
This module was tested against Moodle version 3.11.2, 3.10.0, and 3.8.0.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.