Description
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin BulletProof Security Information Disclosure (5.1)
ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2024-5762)
LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)
Python Incorrect Conversion between Numeric Types Vulnerability (CVE-2008-1721)
WordPress Plugin Coming Soon Multiple Vulnerabilities (1.1.18)