Description
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
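Remediation
Upgrade to Moodle 2.3.2 or later; the description lists only 2.3.x releases before 2.3.2 as affected.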