Description
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kama WP Smiles Unspecified Vulnerability (1.8.1)
WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.8.11)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45364)