CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: packetstormsecurity.com/files/157785/OpenEDX-Ironwood-2.5-Remote-Code-Execution.html (unverified)
exploitdb: www.exploit-db.com/exploits/48500 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.