Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

Liferay Portal CVE-2020-15841 Vulnerability (CVE-2020-15841)

WordPress Plugin WP Live.php 's' Parameter Cross-Site Scripting (1.2.1)

MySQL CVE-2015-4815 Vulnerability (CVE-2015-4815)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29002)

TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities