header-logo
Suggest Exploit
vendor:
Claroline
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Claroline
Affected Version From: 1.7.2004
Affected Version To: 1.7.2004
Patch Exists: YES
Related CWE: N/A
CPE: a:claroline:claroline
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Claroline Information Disclosure Vulnerability

Claroline is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17343/info

Claroline is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

Claroline versions 1.7.4 and prior are vulnerable.

http://www.example.com/claroline/document/rqmkhtml.php?cmd=rqEditHtml&file=[file]

Navigation

Suggest Exploit

Services By CQR