CVE-2006-1596 | Vulnerability Database | Aqua Security

PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.

Affected Software

Name	Vendor	Start Version	End Version
Claroline	Claroline	1.5 (including)	1.5 (including)
Claroline	Claroline	1.5.3 (including)	1.5.3 (including)
Claroline	Claroline	1.5.4 (including)	1.5.4 (including)
Claroline	Claroline	1.6 (including)	1.6 (including)
Claroline	Claroline	1.6_beta (including)	1.6_beta (including)
Claroline	Claroline	1.6_rc1 (including)	1.6_rc1 (including)
Claroline	Claroline	1.7.2 (including)	1.7.2 (including)
Claroline	Claroline	1.7.4 (including)	1.7.4 (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1888.html
http://retrogod.altervista.org/claroline_174_incl_xpl.html
http://secunia.com/advisories/19461
http://www.osvdb.org/24286
http://www.securityfocus.com/bid/17341
http://www.vupen.com/english/advisories/2006/1187
https://exchange.xforce.ibmcloud.com/vulnerabilities/25563
https://www.exploit-db.com/exploits/1627

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1596
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html