CVE-2009-1171

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
moodlemoodle
1.6.0
moodlemoodle
1.6.1
moodlemoodle
1.6.2
moodlemoodle
1.6.3
moodlemoodle
1.6.4
moodlemoodle
1.6.5
moodlemoodle
1.6.6
moodlemoodle
1.6.7
moodlemoodle
1.6.8
moodlemoodle
1.7.1
moodlemoodle
1.7.2
moodlemoodle
1.7.3
moodlemoodle
1.7.4
moodlemoodle
1.7.5
moodlemoodle
1.7.6
moodlemoodle
1.8.1
moodlemoodle
1.8.2
moodlemoodle
1.8.3
moodlemoodle
1.8.4
moodlemoodle
1.8.5
moodlemoodle
1.8.6
moodlemoodle
1.8.7
moodlemoodle
1.8.8
moodlemoodle
1.9.1
moodlemoodle
1.9.2
moodlemoodle
1.9.3
moodlemoodle
1.9.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
karmic
Fixed 1.9.4.dfsg-0ubuntu2
released
jaunty
Fixed 1.9.4.dfsg-0ubuntu1.1
released
intrepid
Fixed 1.8.2-1.2ubuntu2.1
released
hardy
Fixed 1.8.2-1ubuntu4.2
released
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34517
http://secunia.com/advisories/34557
http://secunia.com/advisories/34600
http://secunia.com/advisories/35570
http://tracker.moodle.org/browse/MDL-18552
http://www.debian.org/security/2009/dsa-1761
http://www.securityfocus.com/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
https://usn.ubuntu.com/791-2/
https://www.exploit-db.com/exploits/8297
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34517
http://secunia.com/advisories/34557
http://secunia.com/advisories/34600
http://secunia.com/advisories/35570
http://tracker.moodle.org/browse/MDL-18552
http://www.debian.org/security/2009/dsa-1761
http://www.securityfocus.com/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
https://usn.ubuntu.com/791-2/
https://www.exploit-db.com/exploits/8297
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html