Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form by Supsystic Multiple Vulnerabilities (1.7.5)
Oracle JRE CVE-2014-0460 Vulnerability (CVE-2014-0460)
Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.14)
Joomla! Core Information Disclosure (1.5.0 - 3.7.5)
WordPress Credentials Management Errors Vulnerability (CVE-2016-5838)