Description
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.
Remediation
References
Related Vulnerabilities
WordPress Plugin EWWW Image Optimizer Cloud Cross-Site Scripting (2.0.1)
Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)
WordPress Plugin FAQs Manager SQL Injection (1.0)
Oracle Application Server CVE-2008-2589 Vulnerability (CVE-2008-2589)
WordPress Plugin Gift Certificate Creator Cross-Site Scripting (1.0.0)