Remote Code Execution on Moodle – Researchers Uncover Security Flaw


TLDR:

Researchers discovered a critical vulnerability in the Moodle learning platform that allowed for remote code execution. By exploiting the calculated questions feature, attackers could inject malicious code into the system. Moodle released patches to address the issue, but older PHP versions are still vulnerable to exploitation.

Researchers Exploited Remote Code Execution in Moodle Platform

Researchers found a critical vulnerability in the popular learning platform Moodle that allowed for remote code execution. The issue stemmed from improper sanitization of user input, which enabled attackers to inject malicious code into the system. Moodle released patches to address the vulnerability in some versions but emphasized that older PHP versions are still at risk.

The vulnerability was discovered in Moodle’s calculated questions feature, which is used to generate numerical questions for quizzes. This feature allows trainers to define formulas for answer checking, with evaluations performed using the eval() function. While there is some basic validation in place, attackers can bypass it to execute arbitrary code.

The penetration test revealed that by manipulating the answer formula in calculated questions, attackers could execute arbitrary PHP functions. This could lead to the deletion of courses or access to sensitive information. The Red Team exploited a syntax error in the PHP interpreter to access object properties and execute arbitrary functions with a single numeric parameter.
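
One way to avoid the eval()-plus-validation pattern described above is to parse the answer formula and evaluate only allow-listed syntax. The following is an added example in Python, not Moodle's code or its patch; the `{name}` placeholder syntax, the function list, the length cap and all identifiers are assumptions made for illustration.

```python
import ast
import math
import operator
import re

# Assumed allow-lists for this example; anything not listed is rejected.
FUNCS = {"abs": abs, "sqrt": math.sqrt, "sin": math.sin, "cos": math.cos,
         "exp": math.exp, "log": math.log, "pow": math.pow}
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Pow: operator.pow}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
PLACEHOLDER = re.compile(r"\{([a-z][a-z0-9]*)\}")  # assumed {name} syntax
MAX_LEN = 500  # assumed cap so hostile input cannot exhaust the parser


class FormulaError(ValueError):
    """The formula used syntax or a function outside the allow-list."""


def _walk(node):
    """Evaluate one AST node; every node type not listed here is refused."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return float(node.value)  # floats only: huge powers overflow, not hang
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand))
    # Calls must name an allow-listed function directly: no attribute access,
    # subscripts, keyword arguments or computed callees.
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in FUNCS and not node.keywords):
        return FUNCS[node.func.id](*[_walk(arg) for arg in node.args])
    raise FormulaError(f"disallowed syntax: {type(node).__name__}")


def evaluate_formula(formula, values):
    """Evaluate an answer formula by parsing it; eval() is never called."""
    if len(formula) > MAX_LEN:
        raise FormulaError("formula too long")
    def substitute(match):
        if match.group(1) not in values:
            raise FormulaError(f"unknown placeholder {match.group(0)}")
        # Parenthesised numeric literal keeps precedence for negative values.
        return f"({float(values[match.group(1)])!r})"
    try:
        tree = ast.parse(PLACEHOLDER.sub(substitute, formula), mode="eval")
        return _walk(tree.body)
    except (SyntaxError, ValueError, TypeError, ArithmeticError) as exc:
        raise FormulaError(str(exc)) from None
```

Because the evaluator dispatches on node type, a formula that references a name, attribute, string or unlisted function fails closed with `FormulaError` instead of reaching an interpreter.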

Overall, the remote code execution vulnerability in Moodle highlights the importance of proper input validation and regular security updates to prevent cyber attacks and data breaches.
