Description
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Remediation
References
Related Vulnerabilities
IBM RTC Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1753)
MySQL CVE-2014-6464 Vulnerability (CVE-2014-6464)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0793)
MySQL CVE-2016-8290 Vulnerability (CVE-2016-8290)
Jenkins Incorrect Authorization Vulnerability (CVE-2021-21609)