Description

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Remediation

References

CVE-2011-4285

Related Vulnerabilities

WordPress Plugin Spider Calendar Cross-Site Scripting (1.1.0)

Joomla! Core 3.x.x Arbitrary File Upload (3.0.0 - 3.1.4)

WordPress Plugin WP Survey And Quiz Tool 'rowcount' Parameter Cross-Site Scripting (2.9.2)

Ruby Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-1004)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8960)

Severity

Medium

Classification

CVE-2011-4285 CWE-264

Tags

Missing Update Known Vulnerabilities