Unrated severityNVD Advisory· Published Sep 23, 2006· Updated Jun 16, 2026

CVE-2006-4942

Description

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

Affected products

Moodle/Moodle3 versions
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=1.6.1
- cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
- (no CPE)range: <1.6.2

Patches

Vulnerability mechanics

References

docs.moodle.org/en/Release_notesnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000