CVE-2021-36393
CRITICAL
Moodle <3.9.8 and 3.11.0-beta-3.11.1 - SQL Injection
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2021-36393. PoCs published by StackOverflowExcept1on.
AI-analyzed exploit summary: This repository contains a functional JavaScript-based exploit for CVE-2021-36393, a blind SQL injection vulnerability in Moodle. The exploit leverages bit-shifting techniques to extract sensitive data such as user password hashes, session IDs, and quiz answers.
Description
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
Exploits (2)
This repository contains a functional JavaScript-based exploit for CVE-2021-36393, a blind SQL injection vulnerability in Moodle. The exploit leverages bit-shifting techniques to extract sensitive data such as user password hashes, session IDs, and quiz answers.
This repository contains a functional Python exploit for CVE-2021-36393, a time-based SQL injection vulnerability in Moodle's 'sort' parameter. The exploit extracts database names, usernames, and password hashes using a time-based blind SQLi technique.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H