Moodle TeX Filter Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the TeX filter administrative settings of Moodle. This issue arises from inadequate input sanitization of configuration values, which could allow an administrator to execute arbitrary system commands. The vulnerability is present on sites where the TeX filter is active and ImageMagick is installed. Exploitation of this vulnerability could lead to a complete compromise of the Moodle server, including unauthorized access to data and disruption of services.

Impact

Successful exploitation allows an administrator to execute arbitrary operating system commands, potentially leading to unauthorized access to data, modification of files, and disruption of services. Activities may be masked as originating from the application or its owner.

Added: Feb 21, 2026, 6:24 AM
Updated: Feb 21, 2026, 6:24 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 10.0
exploitability: 4.4
remediation: 8.3
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.