CVE-2006-4943
Moodle < 1.6.2 - Unauthenticated Sensitive Information Exposure via Jump Parameter
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
References (1)
Various Sources (x_refsource_confirm): http://docs.moodle.org/en/Release_notes#Moodle_1.6.2
Scores
EPSS: 0.0035
EPSS Percentile: 57.3%
Details
Status: published
Products (2):
moodle/moodle 1.6.0
moodle/moodle < 1.6.1
Published: Sep 23, 2006
Tracked Since: Feb 18, 2026