Description
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.
Related Vulnerabilities
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)
Nginx Improper Encoding or Escaping of Output Vulnerability (CVE-2013-4547)
MyBB Improper Privilege Management Vulnerability (CVE-2018-1000503)