| VID |
21573 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The installed Claroline software was detected as being affected by multiple vulnerabilities. Claroline is open-source software based on PHP/MySQL. It is a collaborative learning environment that allows teachers or educational institutions to create and administer courses through the Web. Claroline versions 1.5.3, 1.6 beta, 1.6 RC1 and possibly other versions are affected. A remote attacker who successfully exploited the most severe of these vulnerabilities could execute arbitrary code on the vulnerable system.
- Multiple Remote File Include Vulnerabilities
- Multiple SQL Injection Vulnerabilities
- Multiple Cross-Site Scripting Vulnerabilities
- Multiple Directory Traversal Vulnerabilities

* References:
  http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html
  http://www.zone-h.org/advisories/read/id=7472

* Platforms Affected:
  Claroline GPL Open Source Project, Claroline 1.5.3, 1.6 beta, 1.6 RC1
  Any operating system, any version |
| Recommendation |
Upgrade to the latest version of Claroline (1.5.4 or 1.6 final or later), available from the Claroline Download Web site at http://sourceforge.net/projects/claroline-pack/ |
| Related URL |
CVE-2005-1374,CVE-2005-1375,CVE-2005-1376,CVE-2005-1377 (CVE) |
| Related URL |
13407 (SecurityFocus) |
| Related URL |
20295,20287,20298,20300 (ISS) |
|