| Vulnerability Name: | CVE-2006-4942 (CCN-29188) | ||||||||
| Assigned: | 2006-09-13 | ||||||||
| Published: | 2006-09-13 | ||||||||
| Updated: | 2020-12-01 | ||||||||
| Summary: | Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P) 3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-4942 Source: CCN Type: Moodle Web site Release Notes - MoodleDOcs - Moodle 1.6.2 Source: CONFIRM Type: UNKNOWN http://docs.moodle.org/en/Release_notes#Moodle_1.6.2 Source: CCN Type: OSVDB ID: 28800 Moodle tex/algebra File Disclosure Source: XF Type: UNKNOWN moodle-pix-directory-permissions(29188) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||