CVE-2012-6106

Name of the Vulnerable Software and Affected Versions Moodle versions 2.4.0

Description The issue is related to the Manage Subscriptions implementation in Moodle, where a capability check is omitted. This allows remote authenticated users with the student role to remove course-level calendar subscriptions by sending an iCalendar object.

Recommendations For Moodle version 2.4.0, update to version 2.4.1 to resolve the issue.