Description

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.

Remediation

References

CVE-2004-1425

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4084)

WordPress Plugin Centrora Security Multiple Vulnerabilities (6.5.6)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4583)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2017-12196)

WordPress Plugin Yoast SEO Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2004-1425

Tags

Missing Update Known Vulnerabilities