Robin Bailey

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.3.11 and earlier Moodle versions 2.4.x through 2.4.10 Moodle versions 2.5.x through 2.5.6 Moodle versions 2.6.x through 2.6.3 Moodle versions 2.7.x through 2.7.0 **Description** The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. **Recommendations** For Moodle versions 2.3.11 and earlier, update to version 2.3.12 or later. For Moodle versions 2.4.x through 2.4.10, update to version 2.4.11 or later. For Moodle versions 2.5.x through 2.5.6, update to version 2.5.7 or later. For Moodle versions 2.6.x through 2.6.3, update to version 2.6.4 or later. For Moodle versions 2.7.x through 2.7.0, update to version 2.7.1 or later.