2 matches found
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...
CVE-2006-4943
The vulnerability CVE-2006-4943 affects Moodle’s course/jumpto.php prior to version 1.6.2, where the session key (sesskey) is not validated before serving content from arbitrary local URIs. This allows remote attackers to disclose sensitive information via the jump parameter. Affected software: M...