CVE-2018-1133

Evil Moodle - Remote Code Execution

Moodle 3.4.1 - Remote Code Execution - PHP

Vulnerability: A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

Score: CVSS v2.0: 6.5 // CVSS v3.x: 8.8

Shows on:

• HTB-Teacher

POC:

Moodle 3.4.1 - Remote Code ExecutionExploit Database

Resources:

CVE-2018-1133CVE.report

NVD - CVE-2018-1133