
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-30943 is a vulnerability discovered in Moodle, affecting versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0. The vulnerability exists because the application allows a user to control the path of folders created by the TinyMCE loaders, enabling a remote user to send specially crafted HTTP requests and create arbitrary folders on the system. The vulnerability was reported by Yaniv Nizry from SonarSource and was disclosed on May 1, 2023 (Moodle Forum).
The vulnerability stems from insufficient sanitization of the loaders used by TinyMCE. Two endpoints that do not require authentication read the rev parameter with the RAW parameter type and build a custom filesystem path that embeds the provided rev value in the middle of the path string. Because the parameter type is RAW (Moodle performs no modification or sanitization) and the value lands in the middle of the path, an attacker can create arbitrary folders on the server by using path traversal sequences. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).
While initially appearing to have low impact, this vulnerability can be leveraged to perform a Stored Cross-Site Scripting (XSS) attack on the administration panel, which could result in arbitrary code execution on the server when an administrator visits the panel. Since plugins in Moodle are additional PHP code written to provide custom features and functionality, getting an attacker-controlled plugin onto the server is equivalent to arbitrary code execution (Sonar Blog).
The vulnerability was patched in Moodle versions 4.1.3 and 4.2.0. The fix casts the $rev parameter to an integer in the affected files, so an attacker can no longer control folder names or traverse to parent directories to create arbitrary folders on the server (Sonar Blog).
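To make the flaw and the fix concrete, the following is an added Python model of the pattern described above (example code, not Moodle's source and not SonarSource's proof of concept): a cache-path builder that splices the raw rev value into the middle of the path, the same builder after the integer cast, and a containment check a reviewer can use to confirm that a normalized path still sits under the cache directory. The base directory, the sample rev values, and the php_style_int helper (an approximation of PHP's (int) cast on a string) are all constructed assumptions for this example.

```python
import posixpath
import re

# Constructed base directory for this example; not Moodle's real cache layout.
CACHE_BASE = "/var/www/moodledata/localcache/tinymce"

_LEADING_INT = re.compile(r"^\s*([+-]?\d+)")


def php_style_int(value: str) -> int:
    """Approximate PHP's (int) cast on a string: leading integer, else 0.

    This mirrors the patch's approach of casting $rev rather than
    rejecting it; any value without a leading integer collapses to 0.
    """
    match = _LEADING_INT.match(value)
    return int(match.group(1)) if match else 0


def build_cache_path_raw(rev: str) -> str:
    """Flawed pattern (kept vulnerable on purpose): the untrusted rev
    string is spliced unchanged into the middle of a filesystem path."""
    return f"{CACHE_BASE}/{rev}/loader"


def build_cache_path_fixed(rev: str) -> str:
    """Patched pattern: rev is coerced to an integer before use, so it can
    only ever contribute a run of digits (or 0) to the path."""
    return f"{CACHE_BASE}/{php_style_int(rev)}/loader"


def is_within(base: str, path: str) -> bool:
    """Defense-in-depth check: after normalization, path must still be
    base itself or something underneath it."""
    base_n = posixpath.normpath(base)
    path_n = posixpath.normpath(path)
    return path_n == base_n or path_n.startswith(base_n + "/")


def audit(rev: str) -> dict:
    """Report what each builder does with one rev value."""
    raw = build_cache_path_raw(rev)
    fixed = build_cache_path_fixed(rev)
    return {
        "rev": rev,
        "raw_path": posixpath.normpath(raw),
        "raw_contained": is_within(CACHE_BASE, raw),
        "fixed_path": posixpath.normpath(fixed),
        "fixed_contained": is_within(CACHE_BASE, fixed),
    }


if __name__ == "__main__":
    # Constructed sample values: a legitimate revision and a traversal attempt.
    for sample in ("1682937600", "../../../../../tmp/x"):
        print(audit(sample))
```

Running the audit on the traversal sample shows the raw builder producing a path outside CACHE_BASE while the fixed builder yields the harmless `<base>/0/loader`. The containment check is independent of the cast and is worth keeping wherever untrusted input still reaches a path, since it catches the class of bug rather than this one instance.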
Source: This report was generated using AI