Description

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

Remediation

References

CVE-2011-4592

Related Vulnerabilities

WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)

WordPress Plugin Portrait-Archiv.com Photostore Cross-Site Scripting (3.1)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (3.4.27.1)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3946)

WordPress Plugin Raygun4WP Cross-Site Scripting (1.8.2)

Severity

Medium

Classification

CVE-2011-4592 CWE-264

Tags

Missing Update Known Vulnerabilities