Published: 18-09-2006
Updated: 25-09-2006
Product:
Dokeos: Open Source Learning & Knowledge Management Tool 1.6.5
Dokeos: Open Source Learning & Knowledge Management Tool 1.6.4
Dokeos: Open Source Learning & Knowledge Management Tool 1.6.4-P1
Dokeos: Open Source Learning & Knowledge Management Tool 1.6 RC2
Dokeos: Open Source Learning & Knowledge Management Tool 1.5.5
Dokeos: Open Source Learning & Knowledge Management Tool 1.5.4
Dokeos: Open Source Learning & Knowledge Management Tool 1.5.3
Dokeos: Open Source Learning & Knowledge Management Tool 1.5
Dokeos: Open Source Learning & Knowledge Management Tool 1.4
Claroline: Claroline 1.6
Claroline: Claroline 1.5.4
Claroline: Claroline 1.5.3
Claroline: Claroline 1.5
Claroline: Claroline 1.7
Claroline: Claroline 1.4
Claroline: Claroline 1.3
Claroline: Claroline 1.2
Severity: Medium (5.6)
CVSS vector: (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Vulnerability type: Input validation error
Attack`s vector: Remotly exploitable
Potential loss type: Gain other access
Vulnerability description:
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Patch available: Yes
Solution:
Successful exploitation requires that"register_globals"is enabled.This vulnerability is addressed in the following product release:Claroline, Claroline, 1.7.8
References:
http://www.gulftech.org/?node=research&article_id=00112-09142006
http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_b ...
BID: http://www.securityfocus.com/bid/20056
FRSIRT: http://www.frsirt.com/english/advisories/2006/3639
SECUNIA: http://secunia.com/advisories/21931
XF: http://xforce.iss.net/xforce/xfdb/28943
http://www.gulftech.org/?node=research&article_id=00112-09142006&
FRSIRT: http://www.frsirt.com/english/advisories/2006/3638
SECUNIA: http://secunia.com/advisories/21948