Vulnerability details: VCID-v66h-v5rz-vqch

Vulnerability ID: VCID-v66h-v5rz-vqch
Aliases: CVE-2013-3630, GHSA-wxqg-fg7v-mmc6
Summary: Moodle Authenticated Spelling Binary Remote Code Execution. Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
Status: Published
Exploitability: 2.0
Weighted Severity: 6.2
Risk: 10.0
Affected and Fixed Packages: Package Details
Weaknesses: (3)
Data source: Metasploit
Description: Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle versions 2.5.2 and 2.2.3.
Note:
  Stability:
    - crash-safe
  Reliability:
    - repeatable-session
  SideEffects:
    - config-changes
    - ioc-in-logs
Ransomware campaign use: Unknown
Source publication date: Oct. 30, 2013
Platform: Linux, Unix
Source URL: https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/moodle_spelling_binary_rce.rb

Exploit Prediction Scoring System (EPSS)
Percentile: 0.98298
EPSS Score: 0.63953
Published At: June 30, 2025, 12:55 p.m.
History
Date: 2025-07-01T12:27:06.991288+00:00
Actor: GithubOSV Importer
Action: Import
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wxqg-fg7v-mmc6/GHSA-wxqg-fg7v-mmc6.json
VulnerableCode Version: 36.1.3