Moodle Incorrect Authorization Vulnerability Allowing Unauthorized Deletion of Course Sections

Vulnerability

A vulnerability exists in Moodle 4.5 releases prior to 4.5.4, 4.4 releases prior to 4.4.8, 4.3 releases prior to 4.3.12, 4.1 releases prior to 4.1.18, and earlier unsupported versions. The AJAX section deletion feature performs insufficient checks, so users can delete course sections without proper authorization. This flaw could lead to unauthorized modifications of course content.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of course sections, allowing users to modify course content they do not have permission to change.

Remediation

Users can upgrade to Moodle versions 4.5.4, 4.4.8, 4.3.12, or 4.1.18 to address this vulnerability.
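To check an installation against the fixed releases listed above, the following added example (not part of the advisory or of Moodle) reads the `$release` line of a site's `version.php` and classifies it. The sample input is constructed, and two choices are assumptions: a `+` weekly build is conservatively read as its base release, and older branches with no listed fix are reported as unsupported.

```python
import re

# Fixed patch level per branch, taken from the advisory text above.
FIXED = {(4, 5): 4, (4, 4): 8, (4, 3): 12, (4, 1): 18}
NEWEST_LISTED = max(FIXED)

# Matches e.g.  $release  = '4.5.3+ (Build: 20250317)';
# A trailing "+" (weekly build) is ignored, so 4.5.3+ is read as 4.5.3.
RELEASE_RE = re.compile(r"\$release\s*=\s*['\"](\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(version_php: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) from the text of a version.php file."""
    m = RELEASE_RE.search(version_php)
    if not m:
        raise ValueError("no $release line found")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(version_php: str) -> str:
    """Classify a site against the advisory's affected version ranges."""
    major, minor, patch = parse_release(version_php)
    branch = (major, minor)
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch < NEWEST_LISTED:
        # Assumption: covered by "earlier unsupported versions"; the
        # advisory lists no fixed release for this branch.
        return "unsupported"
    # Newer than any branch the advisory mentions: it makes no claim.
    return "not-listed"


# Constructed sample, not taken from a real site.
SAMPLE = """<?php
$release  = '4.5.3+ (Build: 20250317)';
"""

if __name__ == "__main__":
    print(parse_release(SAMPLE), triage(SAMPLE))
```
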

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.