Moodle 2.x/ 3.x – SQL Injection. CVE-2017-2641 . webapps exploit for PHP platform, In Moodle 3.x , students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. 35 CVE-2017-12157: 200 +Info 2017-09-18: 2017-09-28, In Moodle 3.x , the setting for blocked hosts list can be bypassed with multiple A record hostnames. CVE-2018-1043 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four.
Moodle 3.4.1 – Remote Code Execution. CVE-2018-1133 . webapps exploit for PHP platform, Moodle 3.x PHP Unserialize Remote Code Execution. … To exploit this vulnerability an attacker needs permissions to create a quiz or at least be able to import questions. A user of the role teacher usually has these permissions. However, students can also be assigned to the role teacher for, Moodle 2.x/ 3.x – SQL Injection Exploit 2017-04-07T00:00:00. ID 1337DAY-ID-27534 Type zdt Reporter Marko Belzetski Modified 2017-04-07T00:00:00. Description. Exploit for.
3/15/2019 · Noodle [ Moodle RCE] (v3.4.1) – CVE-2018-1133. Contribute to darrynten/MoodleExploit development by creating an account on GitHub.
Instructure, Martin Dougiamas, Blackboard Inc.
PHP, D2L
