Family: CGI abuses --> Category: attack
Claroline < 1.5.4 / 1.6.0 Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple input validation vulnerabilities in Claroline < 1.5.4 / 1.6.0
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to a
variety of attacks.
The version of Claroline (an open source, collaborative learning
environment) installed on the remote host suffers from a number of
remotely-exploitable vulnerabilities, including:
- Multiple Remote File Include Vulnerabilities
Four scripts let a possible hacker read arbitrary files on the
remote host and possibly even run arbitrary PHP code,
subject to the rights of the web server user.
- Multiple SQL Injection Vulnerabilities
Seven scripts let a possible hacker inject arbitrary input
into SQL statements, potentially revealing sensitive
data or altering them.
- Multiple Cross-Site Scripting Vulnerabilities
A possible hacker can pass arbitrary HTML and script code
through any of 10 flawed scripts and potentially have
that code executed by a user's browser in the context
of the affected web site.
- Multiple Directory Traversal Vulnerabilities
By exploiting flaws in 'claroline/document/document.php'
and 'claroline/learnPath/insertMyDoc.php', project leaders
(teachers) are able to upload files to arbitrary folders
or copy/move/delete (then view) files of arbitrary folders.
See also :
Upgrade to Claroline version 1.5.4 / 1.6.0 or later.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.