Description

help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.

Remediation

References

CVE-2006-4938

Related Vulnerabilities

WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1)

WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress SQL Injection (1.1.9)

WordPress 0.7 Posts SQL Injection Vulnerability (0.7)

WordPress Plugin Safe SVG Cross-Site Scripting (1.9.5)

Severity

Medium

Classification

CVE-2006-4938

Tags

Missing Update Known Vulnerabilities