Moodle | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle	RCE Security Code Review	Moodle	RedTeam Pentesting (@RedTeamPT)
Playing Dominos with Moodle's Security (2/2)	Self-XSS Account Takeover OAuth Security Code Review	Moodle	Yaniv Nizry (@YNizry)
Playing Dominos with Moodle's Security (1/2)	Stored XSS Arbitrary Folder Creation RCE Security Code Review	Moodle	Yaniv Nizry (@YNizry)
How I found Moodle Cross site scripting	XSS	Moodle	ParagBagul
Moodle 2nd Order Sqli	SQL Injection	Moodle	Mufinnnnnnn (@Mufinnnnnnn)
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)	SQL Injection Broken Access Control	Moodle	0xkasper (@0xkasper)
Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth	Session Hijacking Session Management Issue Account Takeover RCE	Moodle	Johannes Moritz Robin Peraglie
Moodle Blind SQL injection via MNet authentication	SQL Injection	Moodle	Rekter0 (@Rekter0)
Diving into Open-source LMS Codebases	Insecure File Upload Insecure Deserialization RCE CSRF SQL Injection Reflected XSS	Moodle Chamilo LMS	Poh Jia Hao (@Chocologicall)
Moodle - Stored XSS and blind SSRF possible via feedback answer text	Stored XSS SSRF	Moodle	Rekter0 (@Rekter0) Holme (@Holme_sec)
Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth	RCE PHP Object Injection	Moodle	Johannes Moritz Robin Peraglie
Obtaining XSS Using Moodle Features and Minor Bugs	Login CSRF XSS	Moodle	Daniel Thatcher (@_Danielthatcher)

Page 1 of 1