Description

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

Remediation

References

CVE-2013-1831

Related Vulnerabilities

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4627)

WordPress Plugin Rimons Twitter Widget Cross-Site Scripting (1.2.4)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43558)

Severity

Medium

Classification

CVE-2013-1831 CWE-200

Tags

Missing Update Known Vulnerabilities