Showing 1 - 1 of 1

CVE-2021-21809

Status Candidate

Overview

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.

Related Files

Moodle SpellChecker Path Authenticated Remote Command Execution: Posted Oct 12, 2021; Authored by h00die, Adam Reiser | Site metasploit.com; Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0.; tags | exploit, web; advisories | CVE-2021-21809; SHA-256 | 33c8bb6a0f9058457ef9ea11c88cb44a8e6a479225f59eb841f22283ace6b68d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 218 files
indoushka 135 files
Ubuntu 82 files
Gentoo 33 files
Debian 26 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,919)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,636)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,782)
UNIX (9,441)
UnixWare (187)
Windows (6,677)
Other

CVE-2021-21809

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems