CVE-2024-43425

This exploit leverages an authenticated RCE vulnerability in Moodle by uploading a malicious calculated question with a payload that executes system commands via PHP object injection. The exploit chains multiple steps to achieve command execution.

This repository contains functional exploit code demonstrating a remote code execution vulnerability in Moodle's calculated questions feature (CVE-2024-43425). It includes scripts to test validation logic and generate payloads for arbitrary PHP function execution via variable functions.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

This repository contains a functional exploit for CVE-2024-43425, an authenticated RCE vulnerability in Moodle. The exploit leverages insecure question bank editing functionality to execute arbitrary commands on the server.

This repository contains a functional Python exploit for CVE-2024-43425, targeting a remote code execution (RCE) vulnerability in Moodle. The exploit automates authentication, session key extraction, and payload delivery via crafted question creation in Moodle's quiz module.

This repository provides a Docker-based setup to replicate a vulnerable Moodle environment for CVE-2024-43425. It includes instructions to deploy a MariaDB container and a Moodle instance, likely to demonstrate an exploit in a controlled environment.

This repository provides a detailed technical analysis of CVE-2024-43425, a vulnerability in Moodle's calculated question type that allows arbitrary command execution. The writeup includes root cause analysis, exploitation steps, and proof-of-concept details demonstrating how attackers can bypass input validation to achieve RCE.

This repository contains a functional exploit for CVE-2024-43425, which leverages improper sanitization in Moodle's calculated question feature to achieve remote code execution. The exploit automates the process of logging in, uploading a malicious question, and triggering the payload.

This Metasploit module exploits a command injection vulnerability in Moodle (CVE-2024-43425) to achieve remote code execution. It authenticates as a user with quiz question creation privileges and injects a command via a crafted question submission.