Description

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

Remediation

References

CVE-2013-1831

Related Vulnerabilities

WordPress Plugin Dropshix Security Bypass (4.0.13)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7536)

MySQL Other Vulnerability (CVE-2002-0969)

WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)

Severity

Medium

Classification

CVE-2013-1831 CWE-200

Tags

Missing Update Known Vulnerabilities