Description
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Remediation
References
Related Vulnerabilities
Magento Improper Authorization Vulnerability (CVE-2020-24403)
WordPress Plugin PhastPress Open Redirect (1.110)
WordPress Plugin qTranslate X Multiple Cross-Site Scripting Vulnerabilities (3.4.6.8)
Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474)
WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.11)