Description
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
Remediation
References
Related Vulnerabilities
WordPress Plugin JS Help Desk (formerly JS Support Ticket) SQL Injection (2.1.0)
PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)
Oracle HTTP Server Other Vulnerability (CVE-2006-5350)
WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.17)
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2024-35139)