← voltar
CVE-2009-1171

CVE-2009-1171

EPSS 6.2%
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
cve_referencewww.exploit-db.com/exploits/8297não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlhttp://secunia.com/advisories/34517http://secunia.com/advisories/34557http://secunia.com/advisories/34600http://secunia.com/advisories/35570https://usn.ubuntu.com/791-2/https://www.exploit-db.com/exploits/8297https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.htmlhttp://tracker.moodle.org/browse/MDL-18552http://www.debian.org/security/2009/dsa-1761