CVE-2005-1375 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-1375

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Affected Software

Name	Vendor	Start Version	End Version
Claroline	Claroline	1.5.3 (including)	1.5.3 (including)
Claroline	Claroline	1.6_beta (including)	1.6_beta (including)
Claroline	Claroline	1.6_rc1 (including)	1.6_rc1 (including)

References

http://marc.info/?l=bugtraq\u0026m=111464607103407\u0026w=2
http://secunia.com/advisories/15161
http://secunia.com/advisories/15725
http://securitytracker.com/id?1013822
http://www.claroline.net/news.php#85
http://www.securityfocus.com/bid/13407
https://exchange.xforce.ibmcloud.com/vulnerabilities/20298