SHARE
CORE IMPACT v8 - Exploits Update (Wed Feb 18 2009)
Moodle Tex Filter Remote Code Execution Exploit
Exploits/Remote [Linux]
• Wed Feb 18 2009
A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Due to the fact this file does not properly check the input parameters, it is possible to exploit this vulnerability in order to execute arbitrary commands on the target server. This module starts a web server on the CORE IMPACT Console to publish the agent, which is downloaded from the target. In order to exploit this vulnerability register_globals must be enabled (in PHP) and the TeX Notation filter in Moodle must be turned on.
Exploits Vulnerabiltiy: NOCVE-9999-35969