Security Advisory

CVE-2006-4943

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-09-23 00:00:00

Last updated 2024-09-16 19:36:26

Assigner mitre

State PUBLISHED

Description

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

← Browse all CVEs View on cve.org ↗