David Scotson

#50851 of 53,635
4.3 CVSS total
Vulnerabilities · 1
PT-2016-1298
4.3
2016-02-22
Moodle · Moodle · CVE-2015-5272
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.7.x through 2.7.9

**Description** The issue is related to insufficient access control in the Forum module of the Moodle learning management system. This can be exploited by a remote attacker to modify data in arbitrary groups by elevating their role to a teacher. The vulnerability allows authenticated users to post to any group, potentially demonstrated by directly posting to "all participants".

**Recommendations** For Moodle versions 2.7.x through 2.7.9, update to version 2.7.10 or later to resolve the issue. As a temporary workaround, consider restricting the teacher role to minimize the risk of exploitation. Avoid using the teacher role in the Forum module until the issue is resolved.