My Journey Exploiting CVE-2018-14630

As part of a course on Information Security, part of the course assesment came from a semester project. We had to exploit an application, preferably a web application, of our choice. Given that our university uses the Moodle platform for the course web pages, Moodle became an obvious first choice. Moodle is an excellent target because it is an old project, written in PHP, full of obscure features that are questionably maintained....