Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4285)
Description
The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.