漏洞描述
Moodle是澳大利亚马丁-多基马(Martin Dougiamas)博士开发的一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 3.1.2版本中的legacy course文件和file manager模块中存在任意文件上传漏洞。远程攻击者可通过上传可执行扩展的文件利用该漏洞执行任意代码。
Moodle 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2021-26812: Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting POC
2025-08-01 | Moodle Jitsi MeetMoodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the &qu... -
CVE-2022-35653: Moodle LTI module Reflected - Cross-Site Scripting POC
2025-08-01 | Moodle LTI moduleA reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to in... -
CVE-2023-30943: Moodle - Cross-Site Scripting/Remote Code Execution POC
2025-08-01 | MoodleThe vulnerability was found Moodle which exists because the application allows a user to control pat... -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo... -
D-Link DIR-645 命令注入漏洞 无POC
2025-09-22 00:22:31 | D-Link DIR-645D-Link DIR-645是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞,该漏洞源于对文件/soap.cgi中参数service的错...