This exploit demonstrates a Remote Code Execution (RCE) vulnerability in Moodle 1.9.3 via the `pathname` parameter in `texed.php`. The vulnerability arises from a lack of input validation on the `pathname` parameter, which allows command injection when `register_globals` is enabled and the 'TeX Notation' filter is active.
Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Moodle 1.9.3
Auth required
Prerequisites: register_globals enabled · TeX Notation filter active