Description

Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.

Remediation

References

CVE-2011-3757

Related Vulnerabilities

WebLogic Improper Access Control Vulnerability (CVE-2016-5601)

WordPress Plugin Slider by 10Web-Responsive Image Slider SQL Injection (1.2.35)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-2471)

WordPress Plugin Feedify-Web Push Notifications Cross-Site Scripting (2.1.8)

WordPress Plugin Admin Columns CSV Injection (3.4.6)

Severity

Medium

Classification

CVE-2011-3757 CWE-200

Tags

Missing Update Known Vulnerabilities