Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Claroline | Claroline | 1.5.3 (including) | 1.5.3 (including) |
| Claroline | Claroline | 1.6_beta (including) | 1.6_beta (including) |
| Claroline | Claroline | 1.6_rc1 (including) | 1.6_rc1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111464607103407\u0026w=2
- http://secunia.com/advisories/15161
- http://secunia.com/advisories/15725
- http://securitytracker.com/id?1013822
- http://www.claroline.net/news.php#85
- http://www.securityfocus.com/bid/13407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20300
- http://marc.info/?l=bugtraq\u0026m=111464607103407\u0026w=2
- http://secunia.com/advisories/15161
- http://secunia.com/advisories/15725
- http://securitytracker.com/id?1013822
- http://www.claroline.net/news.php#85
- http://www.securityfocus.com/bid/13407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20300