{"vulnerability": "CVE-2021-36393", "sightings": [{"uuid": "845824e4-73f0-4c71-aabf-20366951c0af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "Telegram/GaTpOqyDc8HYp7QSAHID-mMQfCk7lqveShZUxbbVzm3_EA", "content": "", "creation_timestamp": "2023-11-05T16:59:49.000000Z"}, {"uuid": "8ff21ea5-b31e-4993-bc28-0ebdb4c29c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/hitshare/1951", "content": "- CVE-2021-36393 Exploit\n\n+ Enabling SQL injection attacks that can lead to unauthorized database access\n+ Exploiting this vulnerability requires minimal privileges, such as a student role, and significantly compromises data confidentiality and integrity\n\nShare for everybody \n- Download  :\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit", "creation_timestamp": "2024-06-14T08:36:48.000000Z"}, {"uuid": "3d0b354a-65a2-447c-b87b-9275d3a28d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/LeakingCode/42133", "content": "- CVE-2021-36393 Exploit\n\n+ Enabling SQL injection attacks that can lead to unauthorized database access\n+ Exploiting this vulnerability requires minimal privileges, such as a student role, and significantly compromises data confidentiality and integrity\n\nShare for everybody \n- Download  :\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit", "creation_timestamp": "2024-06-16T14:56:39.000000Z"}, {"uuid": "d611f5f0-b665-4095-8f53-45035f6ff6e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5337", "content": "#Red_Team_Tactics\n1. Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)\nhttps://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html\n2. Understanding Process Ghosting in Detail\nhttps://dosxuz.gitlab.io/post/processghosting", "creation_timestamp": "2024-01-21T17:42:38.000000Z"}, {"uuid": "0f36e3d5-a1ba-410a-8922-ae9f6d51a1cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "seen", "source": "https://t.me/cibsecurity/59508", "content": "\u203c CVE-2021-36393 \u203c\n\nIn Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T00:13:08.000000Z"}, {"uuid": "bcf4a6c2-8dd4-4087-8f54-d56cbaf1f61b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "seen", "source": "https://t.me/BlueRedTeam/1685", "content": "#Red_Team\n\n1. Moodle: Blind SQL Injection (CVE-2021-36393)\nand Broken Access Control (CVE-2021-36397)\nhttps://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html\n2. Understanding Process Ghosting in Detail\nhttps://dosxuz.gitlab.io/post/processghosting\n\n@BlueRedTeam", "creation_timestamp": "2022-02-03T04:24:02.000000Z"}, {"uuid": "2ce9a59f-e95d-45ab-8cfa-a8a60ec14789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "seen", "source": "https://t.me/thebugbountyhunter/5998", "content": "Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)\n\nhttps://0xkasper.com/articles/moodle-sql-injection-broken-access-control", "creation_timestamp": "2022-02-02T17:41:55.000000Z"}, {"uuid": "15202fad-9b99-45e2-8c70-96166e222dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "seen", "source": "https://t.me/arpsyndicate/1596", "content": "#ExploitObserverAlert\n\nCVE-2021-36393\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-36393. In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.\n\nFIRST-EPSS: 0.000760000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T01:53:27.000000Z"}, {"uuid": "179811a5-56fa-4aeb-b980-3ed3a7e473ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/islamiccyberteam/6728", "content": "- CVE-2021-36393 Exploit\n\n+ Enabling SQL injection attacks that can lead to unauthorized database access\n+ Exploiting this vulnerability requires minimal privileges, such as a student role, and significantly compromises data confidentiality and integrity\n\nShare for everybody \n- Download\u00a0 :\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit", "creation_timestamp": "2024-06-14T10:34:18.000000Z"}, {"uuid": "7d2c48fd-011c-46c1-bc2d-b8069fa451bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/LeakingCode/12978", "content": "- CVE-2021-36393 Exploit\n\n+ Enabling SQL injection attacks that can lead to unauthorized database access\n+ Exploiting this vulnerability requires minimal privileges, such as a student role, and significantly compromises data confidentiality and integrity\n\nShare for everybody \n- Download  :\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit", "creation_timestamp": "2024-06-16T14:56:40.000000Z"}, {"uuid": "044f1a37-e9be-4da8-b5d3-53d58f1e6c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9327", "content": "#exploit\n1. CVE-2023-45158:\nweb2py notifySendHandler os command injection\nhttps://github.com/Evan-Zhangyf/CVE-2023-45158\n\n2. CVE-2021-36393:\nTime-based blind SQL injection on Moodle platforms\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit#cve-2021-36393-exploit\n\n3. The Blooket Redirect exploit\nhttps://github.com/VillainsRule/BlooketRedirect", "creation_timestamp": "2024-04-19T11:38:13.000000Z"}, {"uuid": "12e77d90-62a3-405e-908b-aa25c4adfeaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36393", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1635", "content": "#exploit\n1. CVE-2023-45158:\nweb2py notifySendHandler os command injection\nhttps://github.com/Evan-Zhangyf/CVE-2023-45158\n\n2. CVE-2021-36393:\nTime-based blind SQL injection on Moodle platforms\nhttps://github.com/T0X1Cx/CVE-2021-36393-Exploit#cve-2021-36393-exploit\n\n3. The Blooket Redirect exploit\nhttps://github.com/VillainsRule/BlooketRedirect", "creation_timestamp": "2024-08-16T08:43:29.000000Z"}]}