Description
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Remediation
References
Related Vulnerabilities
WordPress Plugin MobileChief-Mobile Site Builder Cross-Site Scripting (1.5.7)
WordPress Plugin Woocommerce Payment Gateway per Category Cross-Site Scripting (2.0.10)
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
WordPress Plugin WP Statistics Cross-Site Scripting (9.5.1)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)