Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)

Description

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

Remediation

References

CVE-2012-2367

Related Vulnerabilities

Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)

WordPress Plugin Ninja Announcements Lite 'ninja_annc.php' SQL Injection (1.2.3)

WordPress Plugin MetaSlider Information Disclosure (3.3.1)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (2.2.6.1)

Severity

Medium

Classification

CVE-2012-2367 CWE-264