ID CVE-2007-1429
Summary Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.
References
Vulnerable Configurations
  • Moodle 1.7.1
    cpe:2.3:a:moodle:moodle:1.7.1
CVSS
Base: 7.5 (as of 13-03-2007 - 17:05)
Impact:
Exploitability:
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_MOODLE-3959.NASL
description This update fixes the following issues :
  - possible remote file inclusion (CVE-2007-1429)
  - XSS injection in SCORM 1.2 reports
  - Fixed XSS in login block
Additionally changes :
  - Fixed visibility of site blogs
  - moodle-config.php is now located in /etc/moodle/
  - added safe_mode and session.save_handler as php options
last seen 2018-09-01
modified 2018-07-19
plugin id 27351
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27351
title openSUSE 10 Security Update : moodle (moodle-3959)
refmap via4
bugtraq 20070311 Remote File Include In Script moodle-1.7.1
sreason 2409
suse SUSE-SR:2007:015
Last major update 05-09-2008 - 17:20
Published 12-03-2007 - 21:19
Last modified 16-10-2018 - 12:38