Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to chain exploits into remote code execution. A bug in…
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to…
This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the…
Sonicwall SonicOS 7.0 – Host Header Injection
Logitech Media Server 8.2.0 – ‘Title’ Cross-Site Scripting (XSS)
Student Quarterly Grading System 1.0 – ‘grade’ Stored Cross-Site Scripting (XSS)
Simple Issue Tracker System 1.0 – SQLi Authentication Bypass
Online Learning System 2.0 – ‘Multiple’ SQLi Authentication Bypass
Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection