CVE-2007-1647

EPSS 5.09%
Published 24.03.2007 00:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Moodle ≫ Moodle Version <= 1.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.09%	0.894

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

http://osvdb.org/43558

https://exchange.xforce.ibmcloud.com/vulnerabilities/33147

https://www.exploit-db.com/exploits/3508

https://nvd.nist.gov/vuln/detail/CVE-2007-1647

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1647

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1647

EUVD