CVE-2020-14321

HIGH

Moodle Teacher Enrollment Privilege Escalation to RCE

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-14321. PoCs published by HoangKien1020, lanzt, f0ns1, including Metasploit module exploits/multi/http/moodle_teacher_enrollment_priv_esc_to_rce.

AI-analyzed exploit summary This repository contains a Python script that exploits CVE-2020-14321, a privilege escalation vulnerability in Moodle allowing a teacher role to escalate to manager and achieve remote code execution (RCE). The script supports both credential-based and cookie-based authentication.

Description

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.

Exploits (4)

nomisec WORKING POC 44 stars
by HoangKien1020 · poc
https://github.com/HoangKien1020/CVE-2020-14321

This repository contains a Python script that exploits CVE-2020-14321, a privilege escalation vulnerability in Moodle allowing a teacher role to escalate to manager and achieve remote code execution (RCE). The script supports both credential-based and cookie-based authentication.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Moodle (versions affected by CVE-2020-14321)
Auth required
Prerequisites: Valid teacher credentials or session cookie · Access to the Moodle instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 20 stars
by lanzt · poc
https://github.com/lanzt/CVE-2020-14321

This is a functional exploit for CVE-2020-14321, targeting Moodle 3.9. It leverages a privilege escalation vulnerability from the teacher role to manager, enabling remote code execution (RCE) via plugin installation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Moodle 3.9
Auth required
Prerequisites: Authenticated teacher account or valid teacher session cookie · Course ID and manager user ID
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by f0ns1 · poc
https://github.com/f0ns1/CVE-2020-14321-modified-exploit

This is a modified exploit for CVE-2020-14321, targeting Moodle for privilege escalation. It leverages a vulnerability to escalate a teacher's privileges to a manager role within a course.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Moodle (specific version not specified)
Auth required
Prerequisites: Valid teacher credentials or session cookie · Access to a vulnerable Moodle instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by HoangKien1020, lanz, h00die · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodle_teacher_enrollment_priv_esc_to_rce.rb

This Metasploit module exploits a privilege escalation chain in Moodle (CVE-2020-14321) to achieve RCE by abusing teacher enrollment to gain manager privileges, then uploading a malicious theme. It requires authentication and multiple steps to succeed.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier
Auth required
Prerequisites: Valid teacher credentials · Access to a Moodle instance with vulnerable version · Ability to enroll users and upload themes
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.3940
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-863
Status published
Products (3)
moodle/moodle 3.9.0
moodle/moodle 3.5.0 - 3.5.13
moodle/moodle 3.9.0-beta - 3.9.1Packagist
Published Aug 16, 2022
Tracked Since Feb 18, 2026