Description

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Remediation

References

CVE-2007-1647

Related Vulnerabilities

Joomla! Core 3.x.x Multiple Vulnerabilities (3.0.0 - 3.10.6)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2005-2946)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5911)

Severity

High

Classification

CVE-2007-1647

Tags

Missing Update Known Vulnerabilities