WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Other Vulnerability (CVE-2006-4942)

Description

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2006-3701 Vulnerability (CVE-2006-3701)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.2.1)

WordPress Plugin Database Sync Cross-Site Scripting (0.4)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5000)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)

Severity

Medium

Classification

CVE-2006-4942

Tags

Missing Update Known Vulnerabilities