Description
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)
MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)
WordPress 5.3.x PHP Object Injection (5.3 - 5.3.7)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-31618)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2011-2526)