Total vulnerabilities in the database
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
| Software | From | Fixed in |
|---|---|---|
| moodle / moodle | 3.7.0 | 3.7.5 |
| moodle / moodle | 3.6.0 | 3.6.9 |
| moodle / moodle | 3.5.0 | 3.5.11 |
| moodle / moodle | 3.8.0 | 3.8.2 |