What is CVE-2013-3630?

CVE-2013-3630 is a vulnerability in Moodle, classified under Code Injection. Published 2013-11-01.

Is CVE-2013-3630 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Moodle

CVE-2013-3630

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.645 (98.5th percentile) — read the EPSS interpretation.

Affected products

Moodle — versions 1.1.1, 1.2.0, 1.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cret@cert.org (Exploit, x_refsource_MISC)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2013-3630?: CVE-2013-3630 is a vulnerability in Moodle, classified under Code Injection. Published 2013-11-01.
Is CVE-2013-3630 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.