CVE-2008-3327 Information

Description

Moodle 1.6.5 when display_errors is enabled allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php which reveals the installation path in an error message.

Reference

http://moodle.org/mod/forum/discuss.php?d=101403 http://www.procheckup.com/Vulnerability_PR08-15.php http://www.securityfocus.com/archive/1/494657/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44032