CVE-2007-1647 : Moodle 1.5.2 and earlier stores sensitive information under the web root with in

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

Published 2007-03-24 00:19:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-1647

Moodle » Moodle
Versions up to, including, (<=) 1.5.2
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-1647

EPSS FAQ

3.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1647

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2007-1647

Jump to

Vulnerability Details : CVE-2007-1647

Products affected by CVE-2007-1647

Exploit prediction scoring system (EPSS) score for CVE-2007-1647

CVSS scores for CVE-2007-1647

References for CVE-2007-1647