Month: March 2022

Moodle 2nd Order Sqli

Exploitation Summary Moodle is vulnerable to 2nd order sqli by users with Teacher or higher privileges. The reason these privileges are required is because the sqli is in the badge management functionality. When one has the Teacher role for a course it is possible to add a badge which students

Read More »