CVE Vulnerabilities

CVE-2005-1375

Published: May 03, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Affected Software

Name Vendor Start Version End Version
Claroline Claroline 1.5.3 (including) 1.5.3 (including)
Claroline Claroline 1.6_beta (including) 1.6_beta (including)
Claroline Claroline 1.6_rc1 (including) 1.6_rc1 (including)

References