CVE-2009-1171

Moodle 1.6-1.6.9, 1.7-1.7.7, 1.8-1.8.9, 1.9-1.9.5 - Arbitrary File Read via TeX Filter Input Command


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1171. PoCs published by Christian J. Eibl.

AI-analyzed exploit summary: This is a detailed writeup describing a file disclosure vulnerability in Moodle's TeX filter. The exploit involves injecting LaTeX commands to read arbitrary files, such as /etc/passwd or Moodle's configuration file, if LaTeX is improperly configured.

Description

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Christian J. Eibl · text · webapps · php
https://www.exploit-db.com/exploits/8297

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Moodle <1.6.9, <1.7.7, <1.8.9, <1.9.5
Auth required
Prerequisites: TeX filter enabled · LaTeX environment with unrestricted file inclusion
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34600
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1761
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8297
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/791-2/
Various Sources x_refsource_misc
http://tracker.moodle.org/browse/MDL-18552
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502231/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35570
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34278
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34557
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34517

Scores

EPSS 0.0973
EPSS Percentile 93.0%

Details

CWE: CWE-20
Status: published
Products (27)
moodle/moodle 1.6.0
moodle/moodle 1.6.1
moodle/moodle 1.6.2
moodle/moodle 1.6.3
moodle/moodle 1.6.4
moodle/moodle 1.6.5
moodle/moodle 1.6.6
moodle/moodle 1.6.7
moodle/moodle 1.6.8
moodle/moodle 1.7.1
... and 17 more
Published Mar 30, 2009
Tracked Since Feb 18, 2026