Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58)

Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1

Apache HTTP Server CVE-2004-0809 Vulnerability (CVE-2004-0809)

MySQL CVE-2021-2217 Vulnerability (CVE-2021-2217)

Joomla! Core 3.x.x Race Condition (3.0.0 - 3.8.7)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities