CVE-2007-1647

Moodle < 1.5.2 - Unauthenticated Sensitive Information Exposure via Session File Access

Title source: llm

Description

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Exploits (1)

exploitdb WRITEUP VERIFIED
by xSh · text · webapps · php
https://www.exploit-db.com/exploits/3508

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33147
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43558
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3508

Scores

EPSS 0.0609
EPSS Percentile 90.9%

Details

Status published
Products (1)
moodle/moodle < 1.5.2
Published Mar 24, 2007
Tracked Since Feb 18, 2026