Description
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Same Origin Method Execution (SOME) Vulnerability (4.4 - 4.4.2)
WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Cross-Site Scripting (2.8.2.2)
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-50337)
MySQL CVE-2021-35612 Vulnerability (CVE-2021-35612)
Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-1695)