MSA-12-0056: Information leak in drag-and-drop

by Michael de Raadt.  

Topic:Information disclosure in yui_combo.php
Severity/Risk:Minor
Versions affected:2.3 to 2.3.1+
Reported by:Mark Baseggio
Issue no.:MDL-35168

CVE Identifier:

CVE-2012-4403
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168

Description:

The drag-and-drop script was responding to bad requests with information that included the full path to scripts on the server.

Read more https://moodle.org/mod/forum/discuss.php?d=211560&parent=922011