Programming Error Message

by renu shekhawat

The error message may disclose sensitive information, and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack traces, and similar data may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

E.g. ..../backup/backupfilesedit.php

It gives the following error:

A required parameter (contextid) was missing

More information about this error

I want to customize this error message.

How?

In reply to renu shekhawat

Re: Programming Error Message

by Davo Smith

I'm not quite sure what secret security information that error message reveals that any attacker couldn't find simply by looking at the code: https://github.com/moodle/moodle/blob/master/backup/backupfilesedit.php#L31

If you really must edit the error message (with the awareness that it will make no improvement at all to your site security and will make it harder to fix any problems that occur), then just use the language override feature (site admin > language > language customisation) to edit the 'missingparam' string in the errors.php.


Average of ratings: Useful (1)