Description
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3193)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000395)
Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)
Python Other Vulnerability (CVE-2006-4980)
Python Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)