CVE-2009-1171

EUVD-2009-1171
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
moodlemoodle
1.6.0
moodlemoodle
1.6.1
moodlemoodle
1.6.2
moodlemoodle
1.6.3
moodlemoodle
1.6.4
moodlemoodle
1.6.5
moodlemoodle
1.6.6
moodlemoodle
1.6.7
moodlemoodle
1.6.8
moodlemoodle
1.7.1
moodlemoodle
1.7.2
moodlemoodle
1.7.3
moodlemoodle
1.7.4
moodlemoodle
1.7.5
moodlemoodle
1.7.6
moodlemoodle
1.8.1
moodlemoodle
1.8.2
moodlemoodle
1.8.3
moodlemoodle
1.8.4
moodlemoodle
1.8.5
moodlemoodle
1.8.6
moodlemoodle
1.8.7
moodlemoodle
1.8.8
moodlemoodle
1.9.1
moodlemoodle
1.9.2
moodlemoodle
1.9.3
moodlemoodle
1.9.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
dapper
ignored
gutsy
ignored
hardy
Fixed 1.8.2-1ubuntu4.2
released
intrepid
Fixed 1.8.2-1.2ubuntu2.1
released
jaunty
Fixed 1.9.4.dfsg-0ubuntu1.1
released
karmic
Fixed 1.9.4.dfsg-0ubuntu2
released
Common Weakness Enumeration
References
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34517
http://secunia.com/advisories/34557
http://secunia.com/advisories/34600
http://secunia.com/advisories/35570
http://tracker.moodle.org/browse/MDL-18552
http://www.debian.org/security/2009/dsa-1761
http://www.securityfocus.com/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
https://usn.ubuntu.com/791-2/
https://www.exploit-db.com/exploits/8297
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34517
http://secunia.com/advisories/34557
http://secunia.com/advisories/34600
http://secunia.com/advisories/35570
http://tracker.moodle.org/browse/MDL-18552
http://www.debian.org/security/2009/dsa-1761
http://www.securityfocus.com/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
https://usn.ubuntu.com/791-2/
https://www.exploit-db.com/exploits/8297
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html