Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Claroline | Claroline | 1.5.3 (including) | 1.5.3 (including) |
| Claroline | Claroline | 1.6_beta (including) | 1.6_beta (including) |
| Claroline | Claroline | 1.6_rc1 (including) | 1.6_rc1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111464607103407\u0026w=2
- http://secunia.com/advisories/15161
- http://secunia.com/advisories/15725
- http://securitytracker.com/id?1013822
- http://www.claroline.net/news.php#85
- http://www.securityfocus.com/bid/13407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20287
- http://marc.info/?l=bugtraq\u0026m=111464607103407\u0026w=2
- http://secunia.com/advisories/15161
- http://secunia.com/advisories/15725
- http://securitytracker.com/id?1013822
- http://www.claroline.net/news.php#85
- http://www.securityfocus.com/bid/13407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20287