CVE-2009-1383

mathTeX - Remote Code Execution via Shell Metacharacters in DPI Tag

Description

The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.

References (6)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1875
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504919/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35816
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51795
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2009-010.html

Scores

EPSS 0.0216
EPSS Percentile 79.9%

Details

CWE
CWE-94
Status published
Products (1)
forkosh/mathtex
Published Jul 14, 2009
Tracked Since Feb 18, 2026