CVE-2011-4285

Name of the Vulnerable Software and Affected Versions Moodle versions 2.0.0 through 2.0.1 Moodle version 2.0.2 is not affected, but since the range is specified as 'before 2.0.2', we can simplify to: Moodle versions prior to 2.0.2

Description The issue is related to an incorrect setting of the moodle/course:delete capability in the default configuration. This allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Recommendations For Moodle versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the moodle/course:delete capability for the teacher role until a patch is applied.