Back to search
CVE-2009-1171
Published: Mar 30, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34600
third-party-advisory
x_refsource_SECUNIA
DSA-1761
vendor-advisory
x_refsource_DEBIAN
8297
exploit
x_refsource_EXPLOIT-DB
USN-791-2
vendor-advisory
x_refsource_UBUNTU
http://tracker.moodle.org/browse/MDL-18552
x_refsource_MISC
FEDORA-2009-3283
vendor-advisory
x_refsource_FEDORA
20090327 Moodle: Sensitive File Disclosure
mailing-list
x_refsource_BUGTRAQ
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
x_refsource_CONFIRM
35570
third-party-advisory
x_refsource_SECUNIA
34278
vdb-entry
x_refsource_BID
FEDORA-2009-3280
vendor-advisory
x_refsource_FEDORA
34557
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:009
vendor-advisory
x_refsource_SUSE
34517
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now