Description
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110425409614735&w=2
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12120
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110444531816566&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18550
Scores
EPSS
0.0054
EPSS Percentile
67.8%
Details
Status
published
Products (10)
moodle/moodle
1.1.1
moodle/moodle
1.2.0
moodle/moodle
1.2.1
moodle/moodle
1.3.0
moodle/moodle
1.3.1
moodle/moodle
1.3.2
moodle/moodle
1.3.3
moodle/moodle
1.3.4
moodle/moodle
1.4.1
moodle/moodle
1.4.2
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026