Description
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
Remediation
References
Related Vulnerabilities
WordPress Plugin PhotoSmash Galleries 'action' Parameter Cross-Site Scripting (1.0.2)
MySQL CVE-2016-9840 Vulnerability (CVE-2016-9840)
WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.7.0)
WordPress Plugin Official MailerLite Sign Up Forms Cross-Site Request Forgery (1.4.4)