Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

WebLogic CVE-2016-3505 Vulnerability (CVE-2016-3505)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2373)

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)

WordPress Plugin Category Grid View Gallery Cross-Site Scripting (2.3.3)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities