Brendan Heywood

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.8.2 Moodle versions prior to 3.7.5 Moodle versions prior to 3.6.9 Moodle versions prior to 3.5.11 **Description** The issue allows X-Forwarded-For headers to be used to spoof a user's IP, bypassing remote address checks. **Recommendations** For versions prior to 3.8.2, update to version 3.8.2 or later. For versions prior to 3.7.5, update to version 3.7.5 or later. For versions prior to 3.6.9, update to version 3.6.9 or later. For versions prior to 3.5.11, update to version 3.5.11 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.8.2 Moodle versions prior to 3.7.5 Moodle versions prior to 3.6.9 Moodle versions prior to 3.5.11 **Description** The issue is related to insufficient input escaping applied to the PHP unit webrunner admin tool. **Recommendations** For versions prior to 3.8.2, update to version 3.8.2 or later. For versions prior to 3.7.5, update to version 3.7.5 or later. For versions prior to 3.6.9, update to version 3.6.9 or later. For versions prior to 3.5.11, update to version 3.5.11 or later.