CVE-2005-1376

Properties

Published:
02.05.2005
Updated:
28.08.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
Claroline: Claroline
Claroline: Claroline
Claroline: Claroline

Vulnerability description

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.

References:

CONFIRM: http://www.claroline.net/news.php#85
BID: http://www.securityfocus.com/bid/13407
SECTRACK: http://securitytracker.com/id?1013822
SECUNIA: http://secunia.com/advisories/15161
XF: http://xforce.iss.net/xforce/xfdb/20287
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111464607103407&w=2
SECUNIA: http://secunia.com/advisories/15725