Lucene search

K
cve[email protected]CVE-2009-1171
HistoryMar 30, 2009 - 10:30 p.m.

CVE-2009-1171

2009-03-3022:30:00
CWE-20
web.nvd.nist.gov
35
moodle
tex filter
vulnerability
arbitrary file read
cve-2009-1171
input command
nvd

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.022 Low

EPSS

Percentile

89.1%

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a “$$” sequence, which causes LaTeX to include the contents of the file.

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.022 Low

EPSS

Percentile

89.1%