Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Claroline | Claroline | 1.7.6 (including) | 1.7.6 (including) |