Main Vulnerability Database Exploits ID:9690 - Exploit for External Control of File Name or Path in Moodle - CVE-2023-30943

ID:9690 - Exploit for External Control of File Name or Path in Moodle - CVE-2023-30943

Published: April 9, 2024

Vulnerability identifier: #VU75601

Vulnerability risk: Low

CVE-ID: CVE-2023-30943

CWE-ID: CWE-73

Exploitation vector: Remote access

Vulnerable software:
Moodle

Link to public exploit:

https://github.com/d0rb/CVE-2023-30943

Vulnerability description

The vulnerability allows a remote user to create arbitrary folders on the system.

The vulnerability exists due to application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

Remediation

Install updates from vendor's website.

ID:9690 - Exploit for External Control of File Name or Path in Moodle - CVE-2023-30943

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human