Description

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

Remediation

References

CVE-2006-4942

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2361)

Joomla Incorrect Authorization Vulnerability (CVE-2021-26027)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)

WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)

Severity

Medium

Classification

CVE-2006-4942

Tags

Missing Update Known Vulnerabilities