Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3740)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Security Bypass (3.10.15)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.8.6)

MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)

WordPress Plugin WP Maintenance Cross-Site Request Forgery (5.0.5)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities