Incorrect Data Type in ip_in_range Function Allows Bypass of IP Address Restrictions in Moodle 1.9.x

Incorrect Data Type in ip_in_range Function Allows Bypass of IP Address Restrictions in Moodle 1.9.x

CVE-2011-4588 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

Learn more about our Web Application Penetration Testing UK.