PT-2008-4733 · Moodle · Moodle

Richard Brain · Published 2008-07-25 · Updated 2018-10-11 · CVE-2008-3327

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Moodle version 1.6.5

Description: The issue allows remote attackers to obtain sensitive information via a direct request to certain PHP files, specifically "blog/blogpage.php" and "course/report/stats/report.php", when display_errors is enabled. The resulting error message reveals the installation path.

Recommendations: For Moodle version 1.6.5, consider disabling the display_errors setting to prevent sensitive information disclosure. Additionally, restrict access to the "blog/blogpage.php" and "course/report/stats/report.php" files until a more permanent solution is available.
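
To confirm the mitigation took effect, an administrator can check what the two scripts return on their own site for PHP's default error format, which carries the absolute file path. The following is an added example, not part of the advisory or of Moodle; the response bodies and the /srv/www/moodle path are constructed samples.

```python
import re

# Absolute path to a .php file, Unix or Windows style.
_PATH = r"(?:/|[A-Za-z]:\\)[^\s<>'\"]+\.php"
# PHP's default error output: "<Level>: <message> in <file> on line <n>".
_PHP_ERROR = re.compile(
    r"(Fatal error|Warning|Notice|Parse error):\s.*?\sin\s("
    + _PATH + r")\son line\s(\d+)",
    re.S,
)

def find_path_leaks(body):
    """Return (level, path, line) for each PHP error in body that exposes a path."""
    # html_errors wraps the file and line in <b> tags, so strip markup first.
    text = re.sub(r"<[^>]+>", "", body)
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in _PHP_ERROR.finditer(text)]

def audit(responses):
    """Map each script to the paths it still discloses; an empty dict means none seen."""
    report = {}
    for script, body in responses.items():
        paths = sorted({path for _, path, _ in find_path_leaks(body)})
        if paths:
            report[script] = paths
    return report

# Constructed sample bodies: one with display_errors on, one after it is disabled.
LEAKY = ("<br />\n<b>Fatal error</b>:  Call to undefined function example_helper() "
         "in <b>/srv/www/moodle/blog/blogpage.php</b> on line <b>12</b><br />\n")
CLEAN = "<html><body>A required parameter was missing</body></html>"

SAMPLES = {
    "blog/blogpage.php": LEAKY,
    "course/report/stats/report.php": CLEAN,
}

if __name__ == "__main__":
    for script, paths in audit(SAMPLES).items():
        print(f"{script}: discloses {', '.join(paths)}")
```

With display_errors disabled and errors sent to the server log instead, `audit` should return an empty dict for both scripts.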

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2008-3327

Affected products

Moodle