Lucene search

MitreCVE-2009-1171

HistoryMar 30, 2009 - 10:30 p.m.

CVE-2009-1171

2009-03-3022:30:00

CWE-20

mitre

web.nvd.nist.gov

moodle

tex filter

vulnerability

arbitrary file read

cve-2009-1171

input command

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a “$$” sequence, which causes LaTeX to include the contents of the file.

Affected configurations

Nvd

Node

moodlemoodleMatch1.6.0

moodlemoodleMatch1.6.1

moodlemoodleMatch1.6.2

moodlemoodleMatch1.6.3

moodlemoodleMatch1.6.4

moodlemoodleMatch1.6.5

moodlemoodleMatch1.6.6

moodlemoodleMatch1.6.7

moodlemoodleMatch1.6.8

moodlemoodleMatch1.7.1

moodlemoodleMatch1.7.2

moodlemoodleMatch1.7.3

moodlemoodleMatch1.7.4

moodlemoodleMatch1.7.5

moodlemoodleMatch1.7.6

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.6

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

VendorProductVersionCPE
moodlemoodle1.6.0cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
moodlemoodle1.6.1cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*
moodlemoodle1.6.2cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*
moodlemoodle1.6.3cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*
moodlemoodle1.6.4cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*
moodlemoodle1.6.5cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*
moodlemoodle1.6.6cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*
moodlemoodle1.6.7cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*
moodlemoodle1.6.8cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*
moodlemoodle1.7.1cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.6.0	cpe:2.3:a:moodle:moodle:1.6.0:::::::*
moodle	moodle	1.6.1	cpe:2.3:a:moodle:moodle:1.6.1:::::::*
moodle	moodle	1.6.2	cpe:2.3:a:moodle:moodle:1.6.2:::::::*
moodle	moodle	1.6.3	cpe:2.3:a:moodle:moodle:1.6.3:::::::*
moodle	moodle	1.6.4	cpe:2.3:a:moodle:moodle:1.6.4:::::::*
moodle	moodle	1.6.5	cpe:2.3:a:moodle:moodle:1.6.5:::::::*
moodle	moodle	1.6.6	cpe:2.3:a:moodle:moodle:1.6.6:::::::*
moodle	moodle	1.6.7	cpe:2.3:a:moodle:moodle:1.6.7:::::::*
moodle	moodle	1.6.8	cpe:2.3:a:moodle:moodle:1.6.8:::::::*
moodle	moodle	1.7.1	cpe:2.3:a:moodle:moodle:1.7.1:::::::*