Description

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

Remediation

References

CVE-2006-4942

Related Vulnerabilities

WordPress Plugin Simple Schools Staff Directory Arbitrary File Upload (1.1)

WordPress Plugin Booking.com Banner Creator Unspecified Vulnerability (1.4.5)

PHP Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2010-4657)

WordPress Plugin Responsive Cookie Consent Cross-Site Scripting (1.7)

WordPress Plugin Easy2Map Photos Cross-Site Scripting (2.0.6)

Severity

Medium

Classification

CVE-2006-4942

Tags

Missing Update Known Vulnerabilities