Moodle < 1.9.4 'filter/tex/texed.php' 'pathname' Parameter RCE

High Nessus Network Monitor Plugin ID 4788


The remote web server contains a PHP application that allows arbitrary command execution.


The version of Moodle installed on the remote host fails to sanitize user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' script in a commandline that is passed to the shell. Provided PHP's 'register_globals' setting and the TeX Notation filter has both been enabled and PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker can leverage these issues to execute arbitrary code on the remote host subject to the privileges of the web server user ID.


Disable PHP's 'register_globals' or upgrade to version 1.9.4 or higher.

See Also

Plugin Details

Severity: High

ID: 4788

File Name: 4788.prm

Family: CGI

Published: 2008/12/15

Modified: 2016/11/23

Dependencies: 8683

Nessus ID: 35090

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2008/12/12

Vulnerability Publication Date: 2008/12/12

Reference Information

BID: 32801

OSVDB: 50810