Hacking Moodle and gaining Remote Code Execution on its server

Exploiting Moodle (open-source e-Learning software) and gaining remote code execution or be able to execute arbitrary commands on its server (operating system that Moodle is running). Attack Summary: By using a crafted math-formula, an attacker can execute malicious commands on the server. Attacker must be assigned as teacher role in a course. Vulnerability Description: Teacher creating Calculated question can intentionally cause remote code execution on server. More information about the vulnerability: CVE identifier: CVE-2018-1133 Severity/Risk: Serious Versions affected: 3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions Versions fixed: 3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12

Видео Hacking Moodle and gaining Remote Code Execution on its server автора Кодерские основы