Description
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Remediation
References
Related Vulnerabilities
WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)
Oracle JRE CVE-2013-1564 Vulnerability (CVE-2013-1564)
WordPress Plugin WP Statistics Cross-Site Scripting (9.1.2)
Drupal Core 6.x Security Bypass (6.0 - 6.29)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-5360)