CVE-2011-4588
Published: 20 July 2012
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
quantal |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
raring |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
saucy |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
upstream |
Needs triage
|
|
Patches: other: http://moodle.org/mod/forum/discuss.php?d=191756 |