CVE-2004-1425 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	1.1.1 (including)	1.1.1 (including)
Moodle	Moodle	1.2.0 (including)	1.2.0 (including)
Moodle	Moodle	1.2.1 (including)	1.2.1 (including)
Moodle	Moodle	1.3.0 (including)	1.3.0 (including)
Moodle	Moodle	1.3.1 (including)	1.3.1 (including)
Moodle	Moodle	1.3.2 (including)	1.3.2 (including)
Moodle	Moodle	1.3.3 (including)	1.3.3 (including)
Moodle	Moodle	1.3.4 (including)	1.3.4 (including)
Moodle	Moodle	1.4.1 (including)	1.4.1 (including)
Moodle	Moodle	1.4.2 (including)	1.4.2 (including)

References

http://marc.info/?l=bugtraq\u0026m=110425409614735\u0026w=2
http://marc.info/?l=bugtraq\u0026m=110444531816566\u0026w=2
http://www.securityfocus.com/bid/12120
https://exchange.xforce.ibmcloud.com/vulnerabilities/18550
http://marc.info/?l=bugtraq\u0026m=110425409614735\u0026w=2
http://marc.info/?l=bugtraq\u0026m=110444531816566\u0026w=2
http://www.securityfocus.com/bid/12120
https://exchange.xforce.ibmcloud.com/vulnerabilities/18550

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1425
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html