Claroline

Claroline

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-3261

Exploit
  • EPSS 4.85%
  • Veröffentlicht 22.07.2008 17:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:29

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

4.3

CVE-2008-3260

Exploit
  • EPSS 4.63%
  • Veröffentlicht 22.07.2008 17:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:29

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcem...

4.3

CVE-2007-4742

  • EPSS 1.04%
  • Veröffentlicht 06.09.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:41

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by...

3.5

CVE-2007-4741

  • EPSS 0.69%
  • Veröffentlicht 06.09.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:41

Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown;...

3.5

CVE-2007-4717

Exploit
  • EPSS 3.11%
  • Veröffentlicht 05.09.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:38

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advanc...

5.1

CVE-2007-4718

Exploit
  • EPSS 7.48%
  • Veröffentlicht 05.09.2007 19:17:00
  • Zuletzt bearbeitet 16.06.2026 22:44:38

Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

4.3

CVE-2007-3517

  • EPSS 1.81%
  • Veröffentlicht 03.07.2007 18:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:12

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.

7.5

CVE-2006-7048

  • EPSS 3.86%
  • Veröffentlicht 24.02.2007 00:28:00
  • Zuletzt bearbeitet 16.06.2026 22:34:17

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeo...

7.5

CVE-2006-5256

Exploit
  • EPSS 3.5%
  • Veröffentlicht 12.10.2006 22:07:00
  • Zuletzt bearbeitet 16.06.2026 22:30:50

PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.

5.1

CVE-2006-4844

Exploit
  • EPSS 10.08%
  • Veröffentlicht 19.09.2006 01:07:00
  • Zuletzt bearbeitet 16.06.2026 22:29:53

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] param...