diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 0bd058beab31..5a438a58e79d 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -78139,6 +78139,68 @@ "session_types": false, "needs_cleanup": null }, + "exploit_linux/http/moodle_rce": { + "name": "Moodle Remote Code Execution (CVE-2024-43425)", + "fullname": "exploit/linux/http/moodle_rce", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-08-27", + "type": "exploit", + "author": [ + "Michael Heinzl", + "RedTeam Pentesting GmbH" + ], + "description": "This module exploits a command injection vulnerability in Moodle (CVE-2024-43425) to obtain remote code execution.\n Affected versions include 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11, and earlier unsupported versions.", + "references": [ + "URL-https://blog.redteam-pentesting.de/2024/moodle-rce/", + "URL-https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-009/", + "URL-https://moodle.org/mod/forum/discuss.php?d=461193", + "CVE-2024-43425" + ], + "platform": "Linux", + "arch": "cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Linux Command" + ], + "mod_time": "2024-11-13 03:40:22 +0000", + "path": "/modules/exploits/linux/http/moodle_rce.rb", + "is_install_path": true, + "ref_name": "linux/http/moodle_rce", + "check": false, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + "event-dependent" + ], + "SideEffects": [ + "ioc-in-logs" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_linux/http/multi_ncc_ping_exec": { "name": "D-Link/TRENDnet NCC Service Command Injection", "fullname": "exploit/linux/http/multi_ncc_ping_exec",