CVE-2005-3649
Description
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"The jumpto.php script does not properly sanitize the 'jump' parameter, allowing it to be controlled by an attacker."
Attack vector
An attacker can craft a URL that includes a malicious 'jump' parameter pointing to an arbitrary external site. When a user clicks this crafted link, their browser will be redirected to the attacker-controlled URL instead of the intended Moodle page. This can be used for phishing attacks or to redirect users to malicious websites [ref_id=1].
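One way to look for this redirect being used against a site, as an added example that is not from the advisory or from Moodle: the Python code below scans web-server access-log lines for jumpto.php requests whose jump value resolves to a host other than the site's own. The hostnames, the /lms/ path prefix and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the site's own hostname(s); replace with your Moodle host.
SITE_HOSTS = {"moodle.example.edu"}
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, hosts and /lms/ prefix are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Nov/2005:10:01:02 +0000] "GET /lms/jumpto.php?jump=view.php%3Fid%3D3 HTTP/1.1" 302 -',
    '203.0.113.9 - - [12/Nov/2005:10:02:10 +0000] "GET /lms/jumpto.php?jump=http%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 -',
    '203.0.113.9 - - [12/Nov/2005:10:02:41 +0000] "GET /lms/jumpto.php?jump=%2F%2Fphish.example.net HTTP/1.1" 302 -',
    '203.0.113.7 - - [12/Nov/2005:10:03:00 +0000] "GET /lms/jumpto.php?jump=http%3A%2F%2Fmoodle.example.edu%2Fmod%2Fforum%2F HTTP/1.1" 302 -',
]

def jump_target_host(request_uri):
    """Return the host the 'jump' parameter points at, or None if it is
    absent or site-relative. Only requests for jumpto.php are considered."""
    try:
        parts = urlsplit(request_uri)
        if not parts.path.endswith("/jumpto.php"):
            return None
        values = parse_qs(parts.query).get("jump")  # percent-decodes the value
        if not values:
            return None
        # Browsers treat backslashes like slashes and ignore leading
        # whitespace, so normalise both before parsing the target.
        target = values[0].strip().replace("\\", "/")
        # hostname covers absolute URLs, scheme-relative //host and the
        # user@host form, where the real destination follows the '@'.
        host = urlsplit(target).hostname
    except ValueError:  # malformed URL, e.g. an unbalanced '[' in the host
        return None
    return host.lower() if host else None

def offsite_redirects(log_lines):
    """Return [(line_number, host)] for jumpto.php requests whose jump
    target is a host outside SITE_HOSTS."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        host = jump_target_host(m.group(1)) if m else None
        if host and host not in SITE_HOSTS:
            hits.append((n, host))
    return hits

if __name__ == "__main__":
    for n, host in offsite_redirects(SAMPLE_LOG):
        print(f"line {n}: jump parameter points off-site to {host}")
```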
Affected code
The vulnerability exists in the `jumpto.php` script within Moodle.
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability was fixed. Remediation guidance suggests updating to a non-vulnerable version of Moodle.
Preconditions
- input: The 'jump' parameter must be controllable by the attacker.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- secunia.com/advisories/17526/ (nvd: Patch, Vendor Advisory)
- rgod.altervista.org/moodle16dev.html (nvd: Exploit, Vendor Advisory)
- marc.info (nvd)
- securityreason.com/securityalert/168 (nvd)
- www.osvdb.org/20750 (nvd)
- www.vupen.com/english/advisories/2005/2387 (nvd)