Описание
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.2.3.dfsg-2.2 |
| hardy | ignored | end of life |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | released | 2.3.2 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly con ...
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
EPSS
5 Medium
CVSS2