Description

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

Remediation

References

CVE-2013-1831

Related Vulnerabilities

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-47166)

WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.20.2)

MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2561)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4563)

Severity

Medium

Classification

CVE-2013-1831 CWE-200

Tags

Missing Update Known Vulnerabilities