Description
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
Remediation
References