Description

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

Remediation

References

CVE-2006-4943

Related Vulnerabilities

WordPress Plugin Custom Contact Forms Security Bypass (5.1.0.3)

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)

Jenkins Other Vulnerability (CVE-2022-2048)

MySQL CVE-2013-3810 Vulnerability (CVE-2013-3810)

MySQL CVE-2019-2532 Vulnerability (CVE-2019-2532)

Severity

Medium

Classification

CVE-2006-4943

Tags

Missing Update Known Vulnerabilities