Description
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin AddSearch Cross-Site Scripting (1.1.0)
Oracle HTTP Server Other Vulnerability (CVE-1999-1068)
MySQL CVE-2023-21976 Vulnerability (CVE-2023-21976)
WordPress Plugin Login Logout Menu Cross-Site Scripting (1.3.3)
Twisted Web HTTP Server Direct Request ('Forced Browsing') Vulnerability (CVE-2016-1000111)