Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Cross-Site Scripting (1.5.5)
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9069)
WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)
phpMyAdmin Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-6621)