Description
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Remediation
References