7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.027 Low
EPSS
Percentile
90.4%
Moodle 1.5.2 and earlier stores sensitive information under the web root
with insufficient access control, and provides directory listings, which
allows remote attackers to obtain user names, password hashes, and other
sensitive information via a direct request for session (sess_*) files in
moodledata/sessions/.