Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

BIT-MOODLE-2023-30943 Moodle: tinymce loaders susceptible to arbitrary folder creation

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

GHSA-22GJ-8QJ2-FJ46 Moodle External Control of File Name or Path vulnerability

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

UBUNTU-CVE-2023-30943

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

PT-2023-4763 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 4.1.x through 4.1.2 Moodle versions 4.2.x through 4.1.9 is not correct, the correct is: Moodle versions 4.2.x before 4.2.0 Description: The issue exists because the application allows a user to control the path of the folder t...