PT-2006-3250 · Claroline · Claroline

Beford

Published

2006-05-09

Updated

2018-10-18

CVE-2006-2284

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Claroline version 1.7.5

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the clarolineRepositorySys parameter in 'ldap.inc.php' and the claro CasLibPath parameter in 'casProcess.inc.php'.

Recommendations For Claroline version 1.7.5, consider disabling the clarolineRepositorySys parameter in 'ldap.inc.php' and the claro CasLibPath parameter in 'casProcess.inc.php' as a temporary workaround until a patch is available. Restrict access to 'ldap.inc.php' and 'casProcess.inc.php' to minimize the risk of exploitation. Avoid using the clarolineRepositorySys and claro CasLibPath parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2284

Affected Products

Claroline

PT-2006-3250 · Claroline · Claroline

CVE-2006-2284

Related Identifiers

Affected Products

References · 10