CVE-2016-8642

Name of the Vulnerable Software and Affected Versions Moodle versions 2.x through 3.x

Description The issue is related to insufficient access control in the question engine service of the Moodle learning management system. This can allow a remote attacker to breach information confidentiality. The question engine allows access to files that should not be available.

Recommendations For Moodle versions 2.x through 3.x, consider restricting access to the question engine service until a proper fix is applied. As a temporary workaround, restrict access to sensitive files that should not be available through the question engine.