EPSS
Percentile
46.1%
Moodle is vulnerable to authorization bypass. The calendar/managesubscriptions.php does not enforce the correct permissions on users, allowing a malicious user with access to a student account to edit the calendar subscriptions.
calendar/managesubscriptions.php
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
openwall.com/lists/oss-security/2013/03/25/2
moodle.org/mod/forum/discuss.php?d=225339