moodle/moodle is vulnerable to authorization bypass. A teacher is able to un-enrol users without permission using course restore.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
bugzilla.redhat.com/show_bug.cgi?id=1895419
lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
moodle.org/mod/forum/discuss.php?d=413935