Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3529 Vulnerability (CVE-2017-3529)
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7234)
MySQL CVE-2015-4769 Vulnerability (CVE-2015-4769)
MySQL CVE-2019-2801 Vulnerability (CVE-2019-2801)
WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)