Description

theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.

Remediation

References

CVE-2012-4403

Related Vulnerabilities

WebLogic CVE-2018-2902 Vulnerability (CVE-2018-2902)

Oracle JRE CVE-2013-2428 Vulnerability (CVE-2013-2428)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-26070)

WordPress Plugin Affiliates Multiple Cross-Site Scripting Vulnerabilities (2.13.1)

phpMyFAQ Misinterpretation of Input Vulnerability (CVE-2023-0880)

Severity

Medium

Classification

CVE-2012-4403 CWE-200

Tags

Missing Update Known Vulnerabilities