Moodle · Moodle · CVE-2012-6106
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.4.0
**Description**
The issue is related to the Manage Subscriptions implementation in Moodle, where a capability check is omitted. This allows remote authenticated users with the student role to remove course-level calendar subscriptions by sending an iCalendar object.
**Recommendations**
For Moodle version 2.4.0, update to version 2.4.1 to resolve the issue.