| VID |
21913 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Claroline software is vulnerable to multiple remote file include vulnerabilities via the 'includePath' parameter. Claroline is an Open Source software based on PHP/MySQL. It's a collaborative learning environment allowing teachers or education institutions to create and administer courses through the Web. Claroline version 1.7.6 and earlier versions are vulnerable to multiple remote file include vulnerabilities, caused by improper validation of user-supplied input passed to the 'includePath' parameter of the 'claroline/auth/extauth/drivers/mambo.inc.php' and 'claroline/auth/extauth/drivers/postnuke.inc.php' scripts. If the register_globals is enabled, a remote attacker could send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References:
http://www.claroline.net/forum/viewtopic.php?t=5578
http://downloads.securityfocus.com/vulnerabilities/exploits/claroline-lteq1.7.6-rfi.txt
http://milw0rm.com/exploits/1877
http://secunia.com/advisories/20434/
http://www.frsirt.com/english/advisories/2006/2126
* Platforms Affected:
Claroline GPL Open Source Project, Claroline version 1.7.6 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Claroline (1.7.7 or later), available from the Claroline Download Web site at http://www.claroline.net/download.htm
As a workaround, disable PHP's 'register_globals' setting. |
| Related URL |
CVE-2006-2868 (CVE) |
| Related URL |
18265 (SecurityFocus) |
| Related URL |
26909 (ISS) |
|
