Description
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
Remediation
References
Related Vulnerabilities
WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection (1.2.2.5)
WordPress Plugin WordPress Social Login Cross-Site Scripting (2.0.3)
TYPO3 Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-26229)
Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.1.9)
Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)