CVE-2023-30943

Description

The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-30943
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Fedora Project
Severity: MEDIUM
CVE ID: CVE-2023-30943
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-30943

d0rb

CVE-2023-30943 RCE PoC

Reference: GitHub

Chocapikk

A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.

Reference: GitHub

RubyCat1337

CVE-2023-30943 (Moodle XSS)

Reference: GitHub