moodle/moodle is vulnerable to information disclosure attacks. theme/yui_combo.php
doesn’t correctly construct errors for the drag-and-drop script. Attackers can use this flaw to obtain the installation path through requests for nonexistent resources.