CVE-2022-37160

Published: 25/08/2022 Updated: 27/08/2022
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

Claroline 13.5.7 and prior allows an authenticated malicious user to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms with a JavaScript request to the application's API, the creation of a user with administrative rights can be triggered when an administrator opens a crafted SVG file.

Vulnerable Product

claroline claroline

Github Repositories

claroline-CVEs

This repo describes several vulns found in the Claroline Connect app, in its current version: 13.5.7

RCE via arbitrary file upload (CVE-2022-37159): github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md

'Location' stored XSS (CVE-2022-37162): github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xs