moodle/moodle is vulnerable to remote code execution. The vulnerability exists due to an insecure direct object reference, allowing an attacker to fetch other users’ calendar action events.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.3 | |
moodle/moodle | le | v3.10.7 | |
moodle/moodle | le | v3.9.9 | |
moodle/moodle | le | v3.11.3 | |
moodle/moodle | le | v3.10.7 | |
moodle/moodle | le | v3.9.9 |