PT-2006-5599 · Claroline · Claroline
Publicado
2006-09-19
·
Atualizado
2017-07-20
·
CVE-2006-4844
CVSS v2.0
5.1
Média
| Vetor | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Claroline versions 1.7.7 and earlier
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
extAuthSource[newUser] parameter. This can be exploited by providing a malicious URL, potentially leading to the execution of unauthorized code.Recommendations
For Claroline versions 1.7.7 and earlier, consider restricting access to the
inc/claro init local.inc.php file to minimize the risk of exploitation. Avoid using the extAuthSource[newUser] parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Claroline