Claroline

Claroline

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-3261

Exploit
  • EPSS 5.25%
  • Veröffentlicht 22.07.2008 17:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

4.3

CVE-2008-3260

Exploit
  • EPSS 3.15%
  • Veröffentlicht 22.07.2008 17:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcem...

4.3

CVE-2007-4742

  • EPSS 0.31%
  • Veröffentlicht 06.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by...

3.5

CVE-2007-4741

  • EPSS 0.2%
  • Veröffentlicht 06.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown;...

3.5

CVE-2007-4717

Exploit
  • EPSS 1.52%
  • Veröffentlicht 05.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advanc...

5.1

CVE-2007-4718

Exploit
  • EPSS 5.64%
  • Veröffentlicht 05.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

4.3

CVE-2007-3517

  • EPSS 0.69%
  • Veröffentlicht 03.07.2007 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.

7.5

CVE-2006-7048

  • EPSS 4.02%
  • Veröffentlicht 24.02.2007 00:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeo...

7.5

CVE-2006-5256

Exploit
  • EPSS 16.46%
  • Veröffentlicht 12.10.2006 22:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.

5.1

CVE-2006-4844

Exploit
  • EPSS 4.32%
  • Veröffentlicht 19.09.2006 01:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] param...