by Marina Glancy.
|Description:||It is possible to read a system file by trying to include it in boost theme preset. This can only be exploited by moodle admins and only potentially dangerous in developer debugging mode.|
|Issue summary:||System file inclusion when adding own preset file (Boost theme)|
|Reported by:||Frédéric Massart|
|Workaround:||Define $CFG->debugdisplay=0; and $CFG->debug=0; in config.php until the fix is applied|