The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Moodle | Moodle | 2.0.0 (including) | 2.0.0 (including) |
Moodle | Moodle | 2.0.1 (including) | 2.0.1 (including) |
Moodle | Ubuntu | hardy | * |