Barusan ada pemberitahuan dari Martin tentang ditemukannya bug:
You're receiving this mail because you chose to receive security
notifications when you registered your Moodle site.
Today our security expert Petr Skoda discovered a potential problem with one
of the hidden utility scripts in Moodle that could allow a malicious user
within your site to force an admin to unknowingly delete ALL course files.
This bug has been fixed in the CVS versions of the Moodle 1.4 branchand the
main CVS trunk (the soon to be released Moodle 1.5 Beta).The download
packages are also being re-created.
Since this script is not something many people need anyway, the quickest fix
is simply to delete it completely from your installation.
So do that right now! The file to remove is: admin/delete.php
Cheers, and thanks for using Moodle,
Martin Dougiamas, Lead Developer