M4LV0

3 exploits, active since May 2018
CVE-2018-1133 NOMISEC HIGH WORKING POC
Moodle 3.1.0-3.1.11, 3.1-3.1.12 - Remote Code Execution via Calculated Question Eval Injection
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
CVSS 8.8
CVE-2018-9276 NOMISEC HIGH WORKING POC
PRTG Network Monitor < 18.2.39 - Authenticated OS Command Injection via Sensor or Notification Parameters
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVSS 7.2
CVE-2018-9276 EXPLOITDB HIGH bash WORKING POC
PRTG Network Monitor < 18.2.39 - Authenticated OS Command Injection via Sensor or Notification Parameters
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVSS 7.2