CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.

Product Status

Learn more

Information not provided

References 3 Total

openwall.com: [oss-security] 20120917 Moodle security notifications public
external site
mailing-list
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
external site
http://moodle.org/mod/forum/discuss.php?d=211560
external site

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

openwall.com: [oss-security] 20120917 Moodle security notifications public
external site
mailing-listx_transferred
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
external site
x_transferred
http://moodle.org/mod/forum/discuss.php?d=211560
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Red Hat, Inc.

Description

Product Status

References 3 Total

CVE Program

References 3 Total