Moodle · Moodle · CVE-2014-7848
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.6.x through 2.6.5
Moodle versions 2.7.x through 2.7.2
**Description**
The issue allows remote attackers to obtain sensitive information via a direct request to `lib/phpunit/bootstrap.php`, which reveals the full path in an error message.
**Recommendations**
For Moodle versions 2.6.x through 2.6.5, update to version 2.6.6 or later.
For Moodle versions 2.7.x through 2.7.2, update to version 2.7.3 or later.