Family: CGI abuses --> Category: attack
Claroline Multiple Vulnerabilities (3) Vulnerability Scan
Vulnerability Scan Summary
Tries to read a local file using Claroline
Detailed Explanation for this Vulnerability Test
The remote web server contains multiple PHP scripts that are affected
by remote file include issues.
The remote host is running Claroline, an open-source, web-based,
collaborative learning environment written in PHP.
The version of Claroline installed on the remote host fails to
sanitize input to the 'clarolineRepositorySys' and 'claro_CasLibPath'
parameters of the 'claroline/auth/extauth/drivers/ldap.inc.php' and
'claroline/auth/extauth/casProcess.inc.php' scripts respectively
before using it to include files with PHP code. Provided PHP's
'register_globals' setting is enabled, an unauthenticated attacker may
be able to exploit this issue to view arbitrary files on the remote
host or to execute arbitrary PHP code, possibly taken from third-party
See also :
Apply the patches referenced in the vendor advisory above.
Medium / CVSS Base Score : 5.6
Click HERE for more information and discussions on this network vulnerability scan.