CVE-2015-5272

Name of the Vulnerable Software and Affected Versions Moodle versions 2.7.x through 2.7.9

Description The issue is related to insufficient access control in the Forum module of the Moodle learning management system. This can be exploited by a remote attacker to modify data in arbitrary groups by elevating their role to a teacher. The vulnerability allows authenticated users to post to any group, potentially demonstrated by directly posting to "all participants".

Recommendations For Moodle versions 2.7.x through 2.7.9, update to version 2.7.10 or later to resolve the issue. As a temporary workaround, consider restricting the teacher role to minimize the risk of exploitation. Avoid using the teacher role in the Forum module until the issue is resolved.