| VID |
21872 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Claroline software is vulnerable to multiple vulnerabilities which exist in versions prior to 1.7.5. Claroline is an Open Source software based on PHP/MySQL. It's a collaborative learning environment allowing teachers or education institutions to create and administer courses through the Web. Claroline version 1.7.4 and earlier versions are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting attacks, disclose sensitive information, and execute arbitrary code on the vulnerable system.
1) Input passed to the "file" parameter in the "rqmkhtml.php" script isn't properly sanitized before being used to view files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.
2) Input passed to the "file" parameter in the "rqmkhtml.php" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed to the "includePath" parameter in the "claroline/learnPath/include/scormExport.inc.php" script isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Successful exploitation requires that "register_globals" is enabled.
* References:
http://retrogod.altervista.org/claroline_174_incl_xpl.html
http://www.claroline.net/news.php
http://secunia.com/advisories/19461/
* Platforms Affected:
Claroline GPL Open Source Project, Claroline version 1.7.4 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Claroline (1.7.5 or later), available from the Claroline Download Web site at http://www.claroline.net/download.htm
-- OR --
Apply the patch appropriate for the installed version of Claroline, available from the following web sites:
Claroline 1.7 : http://www.claroline.net/dlarea/claroline.patch17401.zip
Claroline 1.6 : http://www.claroline.net/dlarea/claroline.patch16301.zip
Claroline 1.5 : http://www.claroline.net/dlarea/claroline.patch15401.zip |
| Related URL |
CVE-2006-1594,CVE-2006-1595,CVE-2006-1596 (CVE) |
| Related URL |
17341,17343,17344 (SecurityFocus) |
| Related URL |
25561,25562,25563 (ISS) |
|
