Description

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Remediation

References

CVE-2009-1171

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2019-10079)

Internet Information Services Other Vulnerability (CVE-2001-0507)

IBM WebSEAL Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-1803)

Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)

MySQL Improper Input Validation Vulnerability (CVE-2017-3273)

Severity

Medium

Classification

CVE-2009-1171 CWE-20

Tags

Missing Update Known Vulnerabilities