CVE-2017-2641
CRITICALMoodle 2.x-3.x - SQL Injection via User Preferences
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-2641. PoCs published by Marko Belzetski.
AI-analyzed exploit summary This exploit leverages PHP object injection via user preferences to perform SQL injection, allowing an authenticated user to escalate privileges to administrator by manipulating the Moodle database.
Description
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Exploits (1)
exploitdb
WORKING POC
by Marko Belzetski · phpwebappsphp
https://www.exploit-db.com/exploits/41828
This exploit leverages PHP object injection via user preferences to perform SQL injection, allowing an authenticated user to escalate privileges to administrator by manipulating the Moodle database.
Classification
Working Poc 100%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target:
Moodle 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18
Auth required
Prerequisites:
Valid user credentials · MoodleSession cookie · sesskey parameter · userid
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/41828/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96977
Patch, Third Party Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=349419
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038174
Scores
CVSS v3
9.8
EPSS
0.0190
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (34)
moodle/moodle
2.7.0 (4 CPE variants)
moodle/moodle
2.7.1
moodle/moodle
2.7.2
moodle/moodle
2.7.3
moodle/moodle
2.7.4
moodle/moodle
2.7.5
moodle/moodle
2.7.6
moodle/moodle
2.7.7
moodle/moodle
2.7.8
moodle/moodle
2.7.9
... and 24 more
Published
Mar 26, 2017
Tracked Since
Feb 18, 2026