2 matches found
CVE-2004-1425
CVE-2004-1425 describes a directory traversal vulnerability in Moodle 1.4.2 and earlier, where an attacker can read arbitrary session files by manipulating the file parameter with a .. sequence. The affected component is Moodle’s file.php; root cause is improper validation of the file path, enabl...
CVE-2004-1425
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. dot dot in the file parameter...