Evil Teacher: Code Injection in Moodle

12 Jun 2018 by Robin Peraglie

Code Injection Exploit in Moodle

Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release detected by RIPS Code Analysis. It is located in the Quiz component of Moodle and can be successfully exploited through the teacher role in order to perform remote code execution. If you are running Moodle < 3.5.0 we highly recommend to update your instances to the newest version immediately.

Read More ...