CVE-2024-43425 Scanner
CVE-2024-43425 scanner - Remote Code Execution vulnerability in Moodle
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Moodle is a widely used learning management system (LMS) that supports online education and courses for schools, universities, and businesses globally. It enables educators to create dynamic learning environments with rich content features like quizzes, forums, and assignments. Moodle is open-source, and developers around the world contribute to its code. Its flexibility makes it a popular choice for customized educational platforms. However, misconfigurations or security flaws like remote code execution can leave Moodle installations vulnerable to attacks.
This vulnerability allows authenticated users with permission to create or modify questions in Moodle courses to execute arbitrary commands on the server. It stems from improperly handled input in calculated questions, where attackers can inject malicious commands. This type of vulnerability is critical because it lets an attacker execute code on the underlying system. Successful exploitation can lead to full control of the server.
The vulnerability lies in Moodle's handling of calculated question types within the course quiz module. When creating or editing a question, an attacker can inject arbitrary system commands into the answer field. The vulnerable parameter is the calculated question's answer input, where crafted payloads exploit improper input validation. By submitting such input in POST requests, an attacker can gain access to the server. The issue affects systems where question management is insufficiently restricted for certain users.
If exploited, this vulnerability can lead to the full compromise of the Moodle server. Attackers may gain unauthorized access to sensitive information, install backdoors, or disrupt services by executing malicious code. Additionally, server resources could be misused, resulting in denial of service or further penetration into connected systems within the network.
By using the S4E platform, users can effectively identify critical vulnerabilities like Remote Code Execution in their Moodle instances. The platform offers continuous monitoring, detailed reporting, and remediation guidance to help prevent exploitation. With automated scans and real-time alerts, you can safeguard your systems from potential security breaches. Join S4E today to ensure comprehensive protection for your online assets.