Description

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

Remediation

References

CVE-2012-2367

Related Vulnerabilities

Lodash CVE-2018-3721 Vulnerability (CVE-2018-3721)

MySQL CVE-2019-2740 Vulnerability (CVE-2019-2740)

Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)

WordPress Plugin UiPress lite-Effortless custom dashboards, admin themes and pages SQL Injection (3.4.06)

WordPress Plugin ContentStudio Multiple Vulnerabilities (1.2.5)

Severity

Medium

Classification

CVE-2012-2367 CWE-264

Tags

Missing Update Known Vulnerabilities