Description
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Schools Staff Directory Arbitrary File Upload (1.1)
WordPress Plugin Booking.com Banner Creator Unspecified Vulnerability (1.4.5)
PHP Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2010-4657)
WordPress Plugin Responsive Cookie Consent Cross-Site Scripting (1.7)
WordPress Plugin Easy2Map Photos Cross-Site Scripting (2.0.6)