CVE-2013-1831 Information

Description

lib/setuplib.php in Moodle through 2.1.10 2.2.x before 2.2.8 2.3.x before 2.3.5 and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request which reveals the absolute path in an exception message.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225342