CVE-2013-1831
Moodle <= 2.1.10, 2.2.x < 2.2.8, 2.3.x < 2.3.5, 2.4.x < 2.4.2 - Sensitive Information Exposure
Title source: llmDescription
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
Various Sources x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=225342
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/03/25/2
Scores
EPSS
0.0035
EPSS Percentile
57.6%
Details
CWE
CWE-200
Status
published
Products (50)
moodle/moodle
1.1.1
moodle/moodle
1.2.0
moodle/moodle
1.2.1
moodle/moodle
1.3.0
moodle/moodle
1.3.1
moodle/moodle
1.3.2
moodle/moodle
1.3.3
moodle/moodle
1.3.4
moodle/moodle
1.4.1
moodle/moodle
1.4.2
... and 40 more
Published
Mar 25, 2013
Tracked Since
Feb 18, 2026