Endangered data in Moodle platform with malicious plugins

Abstract

This paper describes potential endangerment to the database security in an e-learning systems, which directly violates the confidentiality of data use, and various abuses are possible. Special attention is paid to plugins for different CMS platforms, of which there are currently over 1,500 in the official repository as one of the leading ways for compromising database security at the moment. Installed plugins external to e-leaning system as Moodle, lets that system perform a function that's not in environment core, but can be very dangerous. Therefore, Moodle users should consider all the risks involved in installing software add-ons outside official the Moodle plugin download repository. Description of the database security problem is presented via a case study in which the potential endangering to the Moodle database based on the creation of a malicious plugin, vulnerable activities and social engineering attack.