CVE-2005-1375

Name of the Vulnerable Software and Affected Versions: Claroline versions 1.5.3 through 1.6 Release Candidate 1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several endpoints and parameters, including "learningPath.php", "learningPathAdmin.php", "learnPath details.php", "modules pool.php", "module.php", the uInfo parameter in "userInfo.php", or the exo id parameter to "exercises details.php".

Recommendations: For Claroline versions 1.5.3 through 1.6 Release Candidate 1, consider restricting access to the mentioned endpoints and parameters until a patch is available. As a temporary workaround, avoid using the uInfo parameter in "userInfo.php" and the exo id parameter in "exercises details.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.