CVE-2007-1647

Moodle < 1.5.2 - Unauthenticated Sensitive Information Exposure via Session File Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1647. PoCs published by xSh.

AI-analyzed exploit summary This is a writeup detailing an information leakage vulnerability in Moodle <= 1.5.2, where session files containing user passwords in MD5 hashes are exposed via directory listing. The advisory includes a proof-of-concept demonstration of accessing these files.

Description

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Exploits (1)

exploitdb WRITEUP VERIFIED
by xSh · textwebappsphp
https://www.exploit-db.com/exploits/3508

This is a writeup detailing an information leakage vulnerability in Moodle <= 1.5.2, where session files containing user passwords in MD5 hashes are exposed via directory listing. The advisory includes a proof-of-concept demonstration of accessing these files.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Moodle <= 1.5.2
No auth needed
Prerequisites: Directory listing enabled on the moodledata/sessions directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33147
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43558
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3508

Scores

EPSS 0.0334
EPSS Percentile 87.2%

Details

Status published
Products (1)
moodle/moodle < 1.5.2
Published Mar 24, 2007
Tracked Since Feb 18, 2026