CVE-2007-4742

Name of the Vulnerable Software and Affected Versions: Claroline versions prior to 1.8.6

Description: The issue allows remote authenticated administrators to obtain sensitive information by providing an invalid value in the sort parameter to the "admin/adminusers.php" endpoint. In certain circumstances, this can lead to the revelation of the path in an error message. It is also possible to demonstrate this issue with a parameter value containing an XSS sequence.

Recommendations: For versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/adminusers.php" endpoint and avoid using invalid values in the sort parameter until a patch is applied.