Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Maps by Supsystic Cross-Site Scripting (1.2.4)
Oracle HTTP Server CVE-2020-2545 Vulnerability (CVE-2020-2545)
Oracle JRE CVE-2023-21938 Vulnerability (CVE-2023-21938)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2335)