Description

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.

Remediation

References

CVE-2004-1425

Related Vulnerabilities

WordPress Plugin Newsletter Open Redirect (3.7.0)

MySQL CVE-2018-3286 Vulnerability (CVE-2018-3286)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.9)

WordPress Plugin Easy Contact Form Lite 'sort_row.request.php' SQL Injection (1.0.7)

Oracle JRE CVE-2013-1481 Vulnerability (CVE-2013-1481)

Severity

Medium

Classification

CVE-2004-1425

Tags

Missing Update Known Vulnerabilities