Описание
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| moodle | removed | package |
Связанные уязвимости
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Moodle broken access control when setting calendar event type
Уязвимость системы управления Moodle, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнять произвольные команды
