4.3
CVE-2008-3327
- EPSS 1.09%
- Veröffentlicht 25.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.09% | 0.61 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://moodle.org/mod/forum/discuss.php?d=101403
http://www.procheckup.com/Vulnerability_PR08-15.php
http://www.securityfocus.com/archive/1/494657/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/44032