Description
The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.
Remediation
References
Related Vulnerabilities
Python Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20907)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0033)
IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-4989)
Oracle JRE Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0422)
WordPress Plugin Active Extra Fields Cross-Site Scripting (1.0.1)