| Field | Value |
|---|---|
| VID | 210075 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | Claroline is vulnerable to local file inclusion via the 'language' parameter. Claroline is open source software based on PHP/MySQL: a collaborative learning environment that lets teachers or educational institutions create and administer courses through the Web. Claroline versions prior to 1.8.6 are vulnerable because user-supplied input to the 'language' parameter is improperly validated in the 'claroline/inc/lib/language.lib.php' script. Regardless of PHP's 'register_globals' setting, by sending a specially crafted request to the index.php script containing "dot dot" sequences (/../) in the language parameter, a remote attacker could view arbitrary files on the system or execute arbitrary local PHP files with the privileges of the Web server. |
| References | http://www.claroline.net/forum/viewtopic.php?t=13533, http://www.claroline.net/wiki/index.php/Changelog_1.8.x, http://www.frsirt.com/english/advisories/2007/3045, http://secunia.com/advisories/26685 |
| Platforms Affected | Claroline GPL Open Source Project: Claroline versions prior to 1.8.6; any operating system, any version |
| Recommendation | Upgrade to the latest version of Claroline (1.8.6 or later), available from the Claroline Download Web site at http://www.claroline.net/download.htm |
| Related URL | CVE-2007-4718 (CVE) |
| Related URL | 25521 (SecurityFocus) |
| Related URL | 36421 (ISS) |
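For triage on hosts that ran a version prior to 1.8.6, the sketch below flags access-log requests whose `language` query parameter contains a "dot dot" path segment, including percent-encoded and double-encoded forms. It is an added example, not code from this advisory or from the Claroline project; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A path segment that is exactly "..", bounded by / or \ or the ends of the value
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_language_values(line):
    """Return decoded 'language' values in one log line that contain a '..' segment."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "language":
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                hits.append(decoded)
    return hits

def scan(lines):
    """Map 1-based line number -> suspicious values, for lines with at least one hit."""
    findings = {}
    for number, line in enumerate(lines, 1):
        hits = suspicious_language_values(line)
        if hits:
            findings[number] = hits
    return findings

SAMPLE_LOG = [  # constructed lines using documentation addresses (RFC 5737)
    '192.0.2.10 - - [01/Sep/2007:10:00:00 +0000] "GET /index.php?language=french HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Sep/2007:10:00:05 +0000] "GET /index.php?language=../../../example HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Sep/2007:10:00:07 +0000] "GET /index.php?language=..%252f..%252fexample HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Sep/2007:10:00:09 +0000] "GET /index.php?language=english..uk HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(f"line {number}: language={hits}")
```

Access logs normally record only the query string, so a `language` value sent in a POST body or cookie will not appear here and needs request-body or WAF logging to detect.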