
Vulnerabilities in Moodle LMS put e-Learners at risk

6 months, 1 week, 5 days by Virtual College in Virtual College

Moodle LMS system has put e-learning companies at risk

Thousands of businesses that use the Moodle learning management system (LMS) could be at risk of a malicious data breach, it has been reported.

In March, the platform, which allows businesses and organisations to set up websites and online courses, released updates. Along with this, Moodle developers noted that a number of security-related issues were resolved, but did not state any further details, raising questions about the nature and impact of these security issues.

In total, the eLearning platform has over 78,000 websites spanning 234 countries with 100 million users. This means that those using Moodle should act quickly to resolve any issues that could potentially allow attackers to take over web servers.

The extent and severity of these security flaws were revealed later in the month following a blog post from security researcher Netanel Rubin, who found that the flaws allowed attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server.

The attack takes advantage of incorrect assumptions by the Moodle developers. It involved a “logic flaw, an object injection, a double SQL injection, and an overly permissive administrative dashboard”, Mr Rubin said.

He believed that this issue derives from the reimplementation of a specific function without considering decisions made by the original function’s developers.

Mr Rubin said that this is a result of "having too much code, too many developers and lacking documentation".

"Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base. Security issues in large code bases are, of course, not Moodle specific."

Attackers gaining access to the Moodle platform is dangerous not only because they could install a PHP backdoor by uploading malicious plug-ins or templates, but also because Moodle installations store sensitive and private information about businesses and eLearners taking online courses.



Author: Virtual College
