PT-2012-5377 · Moodle · Moodle
Mark Baseggio
·
Published
2012-09-19
·
Updated
2020-12-01
·
CVE-2012-4403
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.3.x through 2.3.1
Description
The issue concerns the construction of error responses for the drag-and-drop script in the theme/yui combo.php file. This allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
Recommendations
For Moodle versions 2.3.x through 2.3.1, update to version 2.3.2 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle