Description

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.

Remediation

References

CVE-2008-3327

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.37)

WordPress Plugin Admin renamer extended Cross-Site Scripting (3.2)

MySQL CVE-2016-0605 Vulnerability (CVE-2016-0605)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Cross-Site Request Forgery (4.2.152)

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

Severity

Medium

Classification

CVE-2008-3327 CWE-200

Tags

Missing Update Known Vulnerabilities