VDB
CVE-2020-14321
CVE-2020-14321
PUBLISHED
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
EPSS 39.40% · 97.4th percentile
Risk Scores
EPSS Score
39.40%
97.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | moodle | 3.8.0, 3.5.0, 3.7.0 |
| Bitnami | moodle | 3.5.0, 3.7.0, 3.8.0 |
Exploit Intelligence
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Course enrolments allowed privilege escalation from teacher role into manager role to RCE (github-poc-repo)
- Python script to exploit CVE-2020-14321 - Moodle 3.9 - Course enrollments allowed privilege escalation from teacher role into manager role to RCE. (github-poc-repo)
- Python script to exploit CVE-2020-14321 - Moodle 3.9 - Course enrollments allowed privilege escalation from teacher role into manager role to RCE. (github-poc-repo)
…and 43 more exploits
Timeline
- Jul 20, 2020 CVE Published
- Aug 5, 2021 PoC Published
- Oct 11, 2021 PoC Published
- Oct 13, 2021 PoC Published
- Aug 17, 2022 EPSS Score
- Aug 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 15, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Mar 8, 2024 EPSS Score