{"id":"CVE-2023-30943","details":"A vulnerability was found in Moodle. It exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.","aliases":["BIT-moodle-2023-30943","GHSA-22gj-8qj2-fj46"],"modified":"2026-04-10T04:57:29.449625Z","published":"2023-05-02T20:15:10.943Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54TM5H5PDUDYXOQ7X7PPYWP4AJDAE73I/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZBWRVUJF7HI53XCJPJ3YJZPOV5HBRUY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBFSXRYLT4ICKJVQSRBAOUDMDRVSVBLS/"},{"type":"FIX","url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188605"},{"type":"FIX","url":"https://moodle.org/mod/forum/discuss.php?d=446285"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"0ea3d45e04c3d54a3a472ddcb11606b30e227c50"},{"fixed":"b2d07127484b34fa1489ccf554087dd7335ea396"}],"database_specific":{"versions":[{"introduced":"4.1.0"},{"fixed":"4.1.3"}]}}],"versions":["v4.1.0","v4.1.1","v4.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30943.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}