Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

Affected Packages

Packagist moodle/moodle

Affected versions: 0 (last affected: 4.2.0)

Related CVEs

CVE-2024-1439

Key Information

GHSA ID

GHSA-5p2x-8427-9fgp

Published

February 12, 2024 12:30 PM

Last Modified

February 12, 2024 5:33 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.