Description

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

Remediation

References

CVE-2012-2367

Related Vulnerabilities

WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)

XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)

WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)

Internet Information Services Configuration Vulnerability (CVE-1999-0725)

Severity

Medium

Classification

CVE-2012-2367 CWE-264

Tags

Missing Update Known Vulnerabilities