Description

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

Remediation

References

CVE-2006-4942

Related Vulnerabilities

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Multiple Cross-Site Scripting Vulnerabilities (1.0.19)

Severity

Medium

Classification

CVE-2006-4942

Tags

Missing Update Known Vulnerabilities