CVE-2023-30943
PHP vulnerability analysis and mitigation

Overview

CVE-2023-30943 is a vulnerability discovered in Moodle, affecting versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0. The vulnerability exists because the application allows a user to control the path of folders to create in TinyMCE loaders, enabling a remote user to send specially crafted HTTP requests and create arbitrary folders on the system. The vulnerability was reported by Yaniv Nizry from SonarSource and was disclosed on May 1, 2023 (Moodle Forum).

Technical details

The vulnerability stems from insufficient sanitization of the loaders used by TinyMCE. Two endpoints that do not require authentication take a RAW-typed input from the rev parameter and build a custom path that embeds the provided rev value in the middle of the string. Because the parameter type is RAW (Moodle applies no cleaning or sanitization to it) and its value is inserted in the middle of the path, an attacker can create arbitrary folders on the server by supplying path traversal sequences. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).

Impact

While it initially appears to have low impact, this vulnerability can be leveraged to perform a Stored Cross-Site Scripting (XSS) attack on the administration panel, which could result in arbitrary code execution on the server when an administrator visits the panel. Because Moodle plugins are additional PHP code that adds custom features and functionality, an attacker-controlled plugin is equivalent to arbitrary code execution (Sonar Blog).

Mitigation and workarounds

The vulnerability was patched in Moodle versions 4.1.3 and 4.2.0. The fix casts the $rev parameter to an integer in the affected files, so attackers can no longer control the folder name or traverse back up the directory tree to create arbitrary folders on the server (Sonar Blog).
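As an added illustration (not Moodle's own code), the following PHP models the rev parameter handling described above: the pre-patch path construction, the post-patch integer cast, and a stricter reject-rather-than-coerce variant. LOADER_BASE, the function names and the sample inputs are hypothetical stand-ins; nothing here touches the filesystem, it only builds the path strings.

```php
<?php
declare(strict_types=1);

// Hypothetical base directory; Moodle's real loader paths are not reproduced here.
const LOADER_BASE = '/var/www/moodledata/tinymce_loader';

// Pre-patch shape of the bug: the raw request value is spliced into the
// middle of the path, so every character of it becomes part of a directory name.
function loader_path_unsafe(string $rev): string
{
    return LOADER_BASE . '/' . $rev . '/plugins';
}

// Post-patch shape: cast to int before use. Anything that is not a leading
// run of digits collapses to 0 (or to those digits), so path separators and
// traversal sequences never reach the directory-creation call.
function loader_path_fixed(string $rev): string
{
    $rev = (int) $rev;
    return LOADER_BASE . '/' . $rev . '/plugins';
}

// Stricter variant for new code: refuse malformed input and leave a log line,
// instead of silently mapping it to revision 0.
function loader_path_strict(string $rev): ?string
{
    if (preg_match('/^[1-9]\d{0,11}$/', $rev) !== 1) {
        error_log('rejected non-numeric rev parameter: ' . bin2hex($rev));
        return null;
    }
    return LOADER_BASE . '/' . $rev . '/plugins';
}

// Constructed sample inputs: a legitimate revision and two malformed values.
foreach (['1683000000', '7abc', '../x'] as $rev) {
    printf("%-14s unsafe: %s\n", var_export($rev, true), loader_path_unsafe($rev));
    printf("%-14s fixed:  %s\n", '', loader_path_fixed($rev));
    printf("%-14s strict: %s\n\n", '', loader_path_strict($rev) ?? 'rejected');
}
```

Comparing the three outputs for the malformed inputs shows why the cast alone closes the traversal and why the strict variant is preferable where a rejected request should be visible in logs.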

This report was generated using AI.
