


This page forms part of the Moodle security guidelines.

What is the danger?

This is more a symptom of other vulnerabilities than a vulnerability in its own right.

For example, Evil Hacker can use cross-site request forgery or SQL injection to maliciously destroy lots of your data. Or the fact that someone has permission to destroy a lot of data may indicate that the code is not performing sufficient authorisation checks.

However, it is also possible for users to accidentally destroy lots of data if the user interface is badly designed and confusing.

How Moodle avoids this problem

  • Writing secure code so that data cannot be destroyed maliciously.
  • Trying to design clear interfaces, so that users understand the effects of their actions.
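The following is an added example, not code from the Moodle documentation or core: a delete script for a hypothetical plugin that combines an authorisation check, a session-key (CSRF) check, a parameterised delete and an explicit confirmation step. The plugin path `local/example`, the table `local_example_items`, the capability `local/example:deleteitems` and the language strings are assumptions made for illustration.

```php
<?php
// Added example: hypothetical script local/example/delete.php.
require_once(__DIR__ . '/../../config.php');

// Typed parameters only; never read $_GET or $_POST directly.
$id      = required_param('id', PARAM_INT);
$confirm = optional_param('confirm', 0, PARAM_BOOL);

// Hypothetical table with 'courseid' and 'name' columns.
$item    = $DB->get_record('local_example_items', ['id' => $id], '*', MUST_EXIST);
$course  = get_course($item->courseid);
$context = context_course::instance($course->id);

// Authorisation: the user must be logged in, allowed into this course,
// and hold the (hypothetical) capability in the course context.
require_login($course);
require_capability('local/example:deleteitems', $context);

$PAGE->set_url('/local/example/delete.php', ['id' => $item->id]);
$returnurl = new moodle_url('/local/example/index.php', ['id' => $course->id]);

if ($confirm) {
    // CSRF: a destructive request must carry the user's session key.
    require_sesskey();

    // The DML API binds the value as a placeholder, so $id cannot change the SQL.
    $DB->delete_records('local_example_items', ['id' => $item->id]);

    // 'itemdeleted' is a hypothetical string in the plugin's language file.
    redirect($returnurl, get_string('itemdeleted', 'local_example'));
}

// Clear interface: say exactly what will be removed before removing anything.
$continueurl = new moodle_url($PAGE->url, ['confirm' => 1, 'sesskey' => sesskey()]);

echo $OUTPUT->header();
echo $OUTPUT->confirm(
    // 'confirmdelete' is a hypothetical string such as 'Delete "{$a}"?'.
    get_string('confirmdelete', 'local_example', format_string($item->name)),
    $continueurl,
    $returnurl
);
echo $OUTPUT->footer();
```

The capability and session-key checks run on the request that performs the delete, not only on the page that displays the confirmation.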

What you need to do in your code

What you need to do as an administrator

  • Be careful!

See also