Description

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

Remediation

References

CVE-2011-4588

Related Vulnerabilities

WordPress Plugin Simple Social Media Share Buttons-Social Sharing for Everyone Privilege Escalation (2.0.21)

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)

WordPress Plugin WP Htaccess Editor Unspecified Vulnerability (1.0.1)

Apache HTTP Server CVE-2013-6438 Vulnerability (CVE-2013-6438)

Moodle Other Vulnerability (CVE-2004-2235)

Severity

Medium

Classification

CVE-2011-4588 CWE-264

Tags

Missing Update Known Vulnerabilities