Exploitation of this vulnerability requires no authentication, thus it might be a low-severity issue, but it is still important to be aware of it.
A proof of concept is posted on the official website of the hospital management software, showing how an attacker can execute arbitrary code on the affected system.
CVE-2018-1121 - Cross Site Request Forgery (CSRF) Vulnerability in PHP/Moodle An open RedTeam lead discovered a critical CSRF vulnerability in PHP/Moodle while testing the Hospital Management System.
A proof of concept is available on the official website of the hospital management software.
This vulnerability can be exploited by an attacker without any user interaction.
CVE-2018-1122 - SQL Injection Vulnerability in PHP/Moodle An open RedTeam lead discovered a critical SQL injection vulnerability in PHP/Moodle while testing the Hospital Management System.
The vulnerability can be exploited by an attacker without any user interaction.
An example SQL injection payload is posted on the official website of the software.
CVE-2018-1123 - XSS Vulnerability in PHP/Moodle An open RedTeam lead discovered a critical XSS vulnerability in PHP/Moodle while testing the Hospital Management System.
An example XSS payload is posted on the official website of the software.
CVE-2018-1115 - Remote Code Execution Vulnerability in PHP/Moodle An open RedTeam lead discovered a critical remote
^Top of Page^^
Outsourcing SEO can be a good idea for small businesses.
^yyy
A proof of concept is posted on the official website of the software.
CVE-2018-1116 - Privilege Escalation Vulnerability in PHP/Moodle An open RedTeam lead discovered a critical privilege escalation vulnerability in PHP/Moodle while testing the Hospital Management System.
The vulnerability can be exploited by an attacker without any user interaction.
An example exploit is posted on the official website of the software.
Timeline
Published on: 10/21/2022 13:15:00 UTC
Last modified on: 10/21/2022 20:26:00 UTC