Description
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)
XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)
WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)
Internet Information Services Configuration Vulnerability (CVE-1999-0725)