Lucene search

[email protected]NVD:CVE-2006-4943

HistorySep 23, 2006 - 12:07 a.m.

CVE-2006-4943

2006-09-2300:07:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

Affected configurations

Nvd

Node

moodlemoodleRange≤1.6.1

moodlemoodleMatch1.6.0

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
moodlemoodle1.6.0cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
moodle	moodle	1.6.0	cpe:2.3:a:moodle:moodle:1.6.0:::::::*

References

docs.moodle.org/en/Release_notes#Moodle_1.6.2

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

61.1%

JSON

Related for NVD:CVE-2006-4943

cve1 cvelist1 ubuntucve1