CVE-2006-4943

2006-09-2300:00:00

mitre

www.cve.org

moodle

vulnerability

session key

remote attackers

sensitive information

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

References

docs.moodle.org/en/Release_notes#Moodle_1.6.2