Showing 1 - 1 of 1

CVE-2021-21809

Status Candidate

Overview

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.

Related Files

Moodle SpellChecker Path Authenticated Remote Command Execution: Posted Oct 12, 2021; Authored by h00die, Adam Reiser | Site metasploit.com; Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0.; tags | exploit, web; advisories | CVE-2021-21809; SHA-256 | 33c8bb6a0f9058457ef9ea11c88cb44a8e6a479225f59eb841f22283ace6b68d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 144 files
Ubuntu 96 files
indoushka 37 files
Debian 24 files
nu11secur1ty 17 files
Gentoo 13 files
Apple 13 files
Google Security Research 8 files
CraCkEr 6 files
mjurczyk 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,846)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,335)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,841)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,925)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,949)
UNIX (9,317)
UnixWare (186)
Windows (6,590)
Other

CVE-2021-21809

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems