Moodle · Moodle · CVE-2012-4403
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.3.x through 2.3.1
**Description**
The issue concerns the construction of error responses for the drag-and-drop script in the theme/yui combo.php file. This allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
**Recommendations**
For Moodle versions 2.3.x through 2.3.1, update to version 2.3.2 or later to resolve the issue.