Mike Wilson

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.3.11 and earlier, 2.4.x through 2.4.9, 2.5.x through 2.5.5, 2.6.x through 2.6.2 **Description** The issue concerns the My Home implementation in the block html pluginfile function, which does not properly restrict file access. This allows remote attackers to obtain sensitive information by visiting an HTML block. **Recommendations** For versions 2.3.11 and earlier, update to a version later than 2.3.11. For versions 2.4.x through 2.4.9, update to version 2.4.10 or later. For versions 2.5.x through 2.5.5, update to version 2.5.6 or later. For versions 2.6.x through 2.6.2, update to version 2.6.3 or later.