Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Input Validation Vulnerability (CVE-2009-1171)

Description

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Remediation

References

Related Vulnerabilities

MySQL CVE-2020-14769 Vulnerability (CVE-2020-14769)

MySQL CVE-2019-2797 Vulnerability (CVE-2019-2797)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

Moodle Missing Authorization Vulnerability (CVE-2019-14883)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)

Severity

Medium

Classification

CVE-2009-1171 CWE-20

Tags

Missing Update Known Vulnerabilities