5.3
CVSSv3

CVE-2023-30943

Published: 02/05/2023 Updated: 19/04/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

Vulnerable Product

moodle moodle

fedoraproject fedora 36

fedoraproject extra packages for enterprise linux 7.0

fedoraproject fedora 37

fedoraproject fedora 38

Github Repositories

A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.

CVE-2023-30943 Vulnerability Scanner. This tool detects a vulnerability in Moodle as described in the NVD. Description: Moodle contains a vulnerability due to the way it handles TinyMCE loaders. The application allows a user to dictate the folder creation path. A remote attacker can exploit this by sending a crafted HTTP request, enabling arbitrary folder creation on the system.

CVE-2023-30943 RCE PoC

CVE-2023-30943 Moodle Vulnerabilities Exploits. This repository contains combined exploits for two vulnerabilities in Moodle, a widely used open-source learning management system (LMS). The exploits leverage the vulnerabilities to demonstrate Unauthenticated Arbitrary Folder Creation leading to Stored Cross-Site Scripting (XSS) and Self-XSS leading to Account Takeover. Please no

CVE-2023-30943 (Moodle XSS)

CVE-2023-30943 (Moodle self-XSS). Disclaimer: All content is provided "as is", without any warranties, express or implied. The authors bear no responsibility for any damage, direct or indirect