Privilege Escalation

Moodle is vulnerable to privilege escalation attacks. The attacks exist because getforumdiscussions in mod/forum/externallib.php does not check for group permissions, allowing any authenticated users without permissions to get forum access...