Moodle is vulnerable to privilege escalation attacks. The attacks exist because the permission check for teacher are not properly handled, allowing any authenticated users with teacher role without accessallgroups capability to post any arbitrary groups.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
www.openwall.com/lists/oss-security/2015/09/21/1
www.securitytracker.com/id/1033619
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
git.moodle.org/gw?p=moodle.git;a=commit;h=cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
moodle.org/mod/forum/discuss.php?d=320288