We recently had an Acunetix security assessment performed on Moodle.
The following flagged for review, as potential source code disclosures:
Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. An attacker can gather sensitive information (database connection strings, application logic) by analyzing the source code. This information can be used to conduct further attacks.
Remove this file from your website or change its permissions to remove access.