CVE-2023-30943
Description
The vulnerability, found in Moodle, exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-30943
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Fedora Project
Severity: MEDIUM
CVE ID: CVE-2023-30943
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Proof Of Concept
Nuclei Templates for CVE-2023-30943
Reference: Project Discovery GitHub
d0rb
CVE-2023-30943 RCE PoC
Reference: GitHub
Chocapikk
A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.
Reference: GitHub
RubyCat1337
CVE-2023-30943 (Moodle XSS)
Reference: GitHub