Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

WordPress Plugin Login as User or Customer Security Bypass (1.7)

SharePoint CVE-2023-33134 Vulnerability (CVE-2023-33134)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28838)

WordPress Plugin File Manager Remote Code Execution (4.5)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2022-48564)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities