CVE-2006-2868

Name of the Vulnerable Software and Affected Versions Claroline version 1.7.6

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the includePath cookie to specific PHP files, such as auth/extauth/drivers/mambo.inc.php or auth/extauth/drivers/postnuke.inc.php.

Recommendations For Claroline version 1.7.6, consider restricting access to the auth/extauth/drivers/mambo.inc.php and auth/extauth/drivers/postnuke.inc.php files to minimize the risk of exploitation. Avoid using the includePath cookie with untrusted input until the issue is resolved.