Moderate severityNVD Advisory· Published Nov 24, 2014· Updated May 6, 2026
CVE-2014-7848
CVE-2014-7848
Description
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 2.6.0, < 2.6.6 | 2.6.6 |
moodle/moodlePackagist | >= 2.7.0, < 2.7.3 | 2.7.3 |
Affected products
19cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.4.11
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
Patches
31993cc02b6b0MDL-47287 prevent web access to phpunit boostrap
1 file changed · +4 −0
lib/phpunit/bootstrap.php+4 −0 modified@@ -26,6 +26,10 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ +if (isset($_SERVER['REMOTE_ADDR'])) { + die; // No access from web! +} + // we want to know about all problems error_reporting(E_ALL | E_STRICT); ini_set('display_errors', '1');
84baa6b14173MDL-47287 prevent web access to phpunit boostrap
1 file changed · +4 −0
lib/phpunit/bootstrap.php+4 −0 modified@@ -26,6 +26,10 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ +if (isset($_SERVER['REMOTE_ADDR'])) { + die; // No access from web! +} + // we want to know about all problems error_reporting(E_ALL | E_STRICT); ini_set('display_errors', '1');
0baf9763636aMDL-47287 prevent web access to phpunit boostrap
1 file changed · +4 −0
lib/phpunit/bootstrap.php+4 −0 modified@@ -26,6 +26,10 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ +if (isset($_SERVER['REMOTE_ADDR'])) { + die; // No access from web! +} + // we want to know about all problems error_reporting(E_ALL | E_STRICT); ini_set('display_errors', '1');
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/advisories/GHSA-47cw-whh9-j2fqghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2014-7848ghsaADVISORY
- openwall.com/lists/oss-security/2014/11/17/11nvdWEB
- github.com/moodle/moodle/commit/0baf9763636aa4158a45ef2b539d2df0aa0bbd53ghsaWEB
- github.com/moodle/moodle/commit/1993cc02b6b05f45ff1776813567c6b3f91480f4ghsaWEB
- github.com/moodle/moodle/commit/84baa6b1417328ef7e4085d0112acc57167d15e4ghsaWEB
- web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215ghsaWEB
- www.securitytracker.com/id/1031215nvd
News mentions
0No linked articles in our index yet.