CVE-2009-1171

Published: 30/03/2009 Updated: 01/12/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The TeX filter in Moodle 1.6 prior to 1.6.9+, 1.7 prior to 1.7.7+, 1.8 prior to 1.8.9, and 1.9 prior to 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Vulnerable Product

moodle moodle 1.6.4

moodle moodle 1.6.1

moodle moodle 1.7.1

moodle moodle 1.8.5

moodle moodle 1.8.4

moodle moodle 1.9.3

moodle moodle 1.6.7

moodle moodle 1.6.8

moodle moodle 1.7.6

moodle moodle 1.8.2

moodle moodle 1.8.1

moodle moodle 1.8.8

moodle moodle 1.9.4

moodle moodle 1.6.3

moodle moodle 1.6.5

moodle moodle 1.6.0

moodle moodle 1.7.4

moodle moodle 1.7.5

moodle moodle 1.8.3

moodle moodle 1.8.6

moodle moodle 1.9.2

moodle moodle 1.9.1

moodle moodle 1.6.2

moodle moodle 1.6.6

moodle moodle 1.7.3

moodle moodle 1.7.2

moodle moodle 1.8.7

Vendor Advisories

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user (CVE-2007-3215) ...
Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy (CVE-2009-1171, MSA-09-0009) ...
Christian J Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands, which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mimetex environment. For the oldstable distribution ( ...

Exploits

Moodle File Disclosure Vulnerability
Systems Affected: Moodle series <1.6.9+, <1.7.7+, <1.8.9, <1.9.5
Severity: Critical
Probability of being vulnerable: Rather Low
Vendor: moodle.org/
Filed Bug: #MDL-18552
Author: Christian J Eibl
Date: 20090327

I. BACKGROUND
Moodle is an open source (web-based) learning management s ...