Skip to content

kazuya256/Moodle-authenticated-RCE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

8 Commits
images
images
Β 
Β 
README.md
README.md
Β 
Β 
app.py
app.py
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 

Repository files navigation

Moodle 4.4.0 - Authenticated Remote Code Execution (CVE-2024-43425) Exploit

CVE: CVE-2024-43425

Affected Versions

  • Moodle 4.4 to 4.4.1
  • Moodle 4.3 to 4.3.5
  • Moodle 4.2 to 4.2.8
  • Moodle 4.1 to 4.1.11

Description

This exploit targets an authenticated Remote Code Execution (RCE) vulnerability in Moodle versions listed above. It allows an attacker with valid credentials to execute arbitrary commands on the server by exploiting insecure question bank editing functionality.

Usage

  1. Clone or download this repository.
  2. Install required dependencies: 
    pip install -r requirements.txt
  3. Run the exploit script: 
     python exploit.py --url http://target_moodle_url --username your_username --password your_password --cmd "whoami"

πŸ–ΌοΈ Screenshot

Sample Output

Disclaimer

This exploit is provided for educational and authorized testing purposes only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.

Reference

Github

just a small tweak.

About

πŸš€ Exploit for Moodle 4.4.0 Authenticated RCE (CVE-2024-43425) β€” run commands remotely ⚑

Topics

exploit rce moodle

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages