EPSS
Percentile
69.1%
Moodle is vulnerable to information disclosure. The vulnerability exists because the block_html_pluginfile function in blocks/html/lib.php does not properly check file access linked to HTML blocks on the My Home Page.
block_html_pluginfile
blocks/html/lib.php
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
openwall.com/lists/oss-security/2014/05/19/1
git.moodle.org/gw?p=moodle.git;a=commit;h=b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
moodle.org/mod/forum/discuss.php?d=260364