ID CVE-2007-1647
Summary Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.
References
Vulnerable Configurations
  • cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:N/A:N
refmap via4
exploit-db 3508
osvdb 43558
xf moodle-sessions-information-disclosure(33147)
Last major update 11-10-2017 - 01:31
Published 24-03-2007 - 00:19
Last modified 11-10-2017 - 01:31