Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-1647

Date: March 23, 2007

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Severity Score

Related Resources (6)

https://people.canonical.com/~ubuntu-security/cve/CVE-2007-1647
https://www.exploit-db.com/exploits/3508
https://nvd.nist.gov/vuln/detail/CVE-2007-1647
https://exchange.xforce.ibmcloud.com/vulnerabilities/33147
http://osvdb.org/43558
https://www.mend.io/vulnerability-database/CVE-2007-1647

Severity Score

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us