CVE-2007-1647

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.5.2 and earlier

Description: The issue allows remote attackers to obtain sensitive information, including user names and password hashes, by directly requesting certain files. This is due to insufficient access control and the provision of directory listings for session files in the moodledata/sessions/ directory.

Recommendations: For Moodle versions 1.5.2 and earlier, consider restricting access to the moodledata/sessions/ directory to prevent unauthorized access to sensitive session files. As a temporary workaround, disable directory listings for this directory until a more permanent solution is implemented.