Description

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

Remediation

References

CVE-2013-1831

Related Vulnerabilities

WordPress Plugin Testimonial Multiple Vulnerabilities (2.2)

Werkzeug WSGI Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-29361)

WordPress Plugin Rating-Widget:Star Review System Cross-Site Scripting (2.8.8)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1167)

WordPress Plugin MailChimp for WooCommerce Local File Inclusion (2.1.1)

Severity

Medium

Classification

CVE-2013-1831 CWE-200

Tags

Missing Update Known Vulnerabilities