Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Claroline | Claroline | 1.5.3 (including) | 1.5.3 (including) |
Claroline | Claroline | 1.6_beta (including) | 1.6_beta (including) |
Claroline | Claroline | 1.6_rc1 (including) | 1.6_rc1 (including) |