CVE-2009-1171

Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

El filtro TeX en Moodle v1.6 anteriores a v1.6.9+, v1.7 anteriores a v1.7.7+, v1.8 anteriores a v1.8.9, y v1.9 anteriores a v1.9.5 permite a atacantes con la intervención del usuario leer ficheros de su elección mediante un comando "input" en secuencia con "$$", provocando que LaTeX incluya el contenido del fichero.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-30 CVE Reserved
2009-03-30 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-09-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (14)

URL	Tag	Source
http://secunia.com/advisories/34517	Third Party Advisory
http://secunia.com/advisories/34557	Third Party Advisory
http://secunia.com/advisories/34600	Third Party Advisory
http://secunia.com/advisories/35570	Third Party Advisory
http://tracker.moodle.org/browse/MDL-18552	X_refsource_misc
http://www.securityfocus.com/archive/1/502231/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34278	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/8297	2024-08-07
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html	2020-12-01
http://www.debian.org/security/2009/dsa-1761	2020-12-01
https://usn.ubuntu.com/791-2	2020-12-01
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html	2020-12-01
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html	2020-12-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.0 Search vendor "Moodle" for product "Moodle" and version "1.6.0"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.1 Search vendor "Moodle" for product "Moodle" and version "1.6.1"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.2 Search vendor "Moodle" for product "Moodle" and version "1.6.2"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.3 Search vendor "Moodle" for product "Moodle" and version "1.6.3"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.4 Search vendor "Moodle" for product "Moodle" and version "1.6.4"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.5 Search vendor "Moodle" for product "Moodle" and version "1.6.5"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.6 Search vendor "Moodle" for product "Moodle" and version "1.6.6"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.7 Search vendor "Moodle" for product "Moodle" and version "1.6.7"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.6.8 Search vendor "Moodle" for product "Moodle" and version "1.6.8"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.1 Search vendor "Moodle" for product "Moodle" and version "1.7.1"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.2 Search vendor "Moodle" for product "Moodle" and version "1.7.2"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.3 Search vendor "Moodle" for product "Moodle" and version "1.7.3"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.4 Search vendor "Moodle" for product "Moodle" and version "1.7.4"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.5 Search vendor "Moodle" for product "Moodle" and version "1.7.5"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.7.6 Search vendor "Moodle" for product "Moodle" and version "1.7.6"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.1 Search vendor "Moodle" for product "Moodle" and version "1.8.1"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.2 Search vendor "Moodle" for product "Moodle" and version "1.8.2"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.3 Search vendor "Moodle" for product "Moodle" and version "1.8.3"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.4 Search vendor "Moodle" for product "Moodle" and version "1.8.4"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.5 Search vendor "Moodle" for product "Moodle" and version "1.8.5"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.6 Search vendor "Moodle" for product "Moodle" and version "1.8.6"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.7 Search vendor "Moodle" for product "Moodle" and version "1.8.7"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.8.8 Search vendor "Moodle" for product "Moodle" and version "1.8.8"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.9.1 Search vendor "Moodle" for product "Moodle" and version "1.9.1"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.9.2 Search vendor "Moodle" for product "Moodle" and version "1.9.2"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.9.3 Search vendor "Moodle" for product "Moodle" and version "1.9.3"		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.9.4 Search vendor "Moodle" for product "Moodle" and version "1.9.4"		-		Affected