Bypassing IP Address Restrictions in Moodle Cron Implementation

Bypassing IP Address Restrictions in Moodle Cron Implementation

CVE-2011-4592 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

Learn more about our Web Application Penetration Testing UK.