Описание
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | ignored | path visibility is not considered a security issue |
| feisty | ignored | end of life |
| gutsy | ignored | end of life |
| hardy | ignored | end of life |
| upstream | needed |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
EPSS
4.3 Medium
CVSS2