Description

lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages.

Remediation

References

CVE-2006-4937

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3062)

WordPress Plugin WordPress Facebook Multiple Cross-Site Scripting Vulnerabilities (1.0.10)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4613)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.25)

WordPress Plugin Frontend File Manager Arbitrary File Upload (3.7)

Severity

Medium

Classification

CVE-2006-4937

Tags

Missing Update Known Vulnerabilities