Description

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

Remediation

References

CVE-2006-4943

Related Vulnerabilities

MySQL CVE-2013-2375 Vulnerability (CVE-2013-2375)

Django Use of Hard-coded Credentials Vulnerability (CVE-2016-9013)

WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)

MySQL Other Vulnerability (CVE-2001-1274)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37254)

Severity

Medium

Classification

CVE-2006-4943

Tags

Missing Update Known Vulnerabilities