Vulnerability Details CVE-2004-1425
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110425409614735&w=2
- http://marc.info/?l=bugtraq&m=110444531816566&w=2
- http://www.securityfocus.com/bid/12120
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18550
- http://marc.info/?l=bugtraq&m=110425409614735&w=2
- http://marc.info/?l=bugtraq&m=110444531816566&w=2
- http://www.securityfocus.com/bid/12120
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18550
Products affected by CVE-2004-1425
-
cpe:2.3:a:moodle:moodle:1.1.1
-
cpe:2.3:a:moodle:moodle:1.2.0
-
cpe:2.3:a:moodle:moodle:1.2.1
-
cpe:2.3:a:moodle:moodle:1.3.0
-
cpe:2.3:a:moodle:moodle:1.3.1
-
cpe:2.3:a:moodle:moodle:1.3.2
-
cpe:2.3:a:moodle:moodle:1.3.3
-
cpe:2.3:a:moodle:moodle:1.3.4
-
cpe:2.3:a:moodle:moodle:1.4.1
-
cpe:2.3:a:moodle:moodle:1.4.2