CVE-2011-4588

2012-07-2010:40:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-4588

moodle

mnet

ip_in_range

xmlrpc

security vulnerability

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

CPENameOperatorVersion
moodle:moodlemoodleeq1.9.4
moodle:moodlemoodleeq1.9.1
moodle:moodlemoodleeq1.9.6
moodle:moodlemoodleeq1.9.9
moodle:moodlemoodleeq1.9.11
moodle:moodlemoodleeq1.9.2
moodle:moodlemoodleeq1.9.12
moodle:moodlemoodleeq1.9.10
moodle:moodlemoodleeq1.9.3
moodle:moodlemoodleeq1.9.13

CPE	Name	Operator	Version
moodle:moodle	moodle	eq	1.9.4
moodle:moodle	moodle	eq	1.9.1
moodle:moodle	moodle	eq	1.9.6
moodle:moodle	moodle	eq	1.9.9
moodle:moodle	moodle	eq	1.9.11
moodle:moodle	moodle	eq	1.9.2
moodle:moodle	moodle	eq	1.9.12
moodle:moodle	moodle	eq	1.9.10
moodle:moodle	moodle	eq	1.9.3
moodle:moodle	moodle	eq	1.9.13