Description
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.