{ "schema_version": "1.4.0", "id": "GHSA-c8pm-7v2j-xmww", "modified": "2025-04-09T04:07:23Z", "published": "2022-05-02T03:22:28Z", "aliases": [ "CVE-2009-1171" ], "details": "The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a \"$$\" sequence, which causes LaTeX to include the contents of the file.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1171" }, { "type": "WEB", "url": "https://usn.ubuntu.com/791-2" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/8297" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html" }, { "type": "WEB", "url": "http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/34517" }, { "type": "WEB", "url": "http://secunia.com/advisories/34557" }, { "type": "WEB", "url": "http://secunia.com/advisories/34600" }, { "type": "WEB", "url": "http://secunia.com/advisories/35570" }, { "type": "WEB", "url": "http://tracker.moodle.org/browse/MDL-18552" }, { "type": "WEB", "url": "http://www.debian.org/security/2009/dsa-1761" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/502231/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/34278" } ], "database_specific": { "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-03-30T22:30:00Z" } }