CVE-2006-4844: Code Injection

First published: Tue Sep 19 2006(Updated: )

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dokeos Open Source Learning And Knowledge Management Tool	=1.5
Claroline Claroline	=1.7.5
Dokeos Open Source Learning And Knowledge Management Tool	=1.6_rc2
Claroline Claroline	=1.7.4
Claroline Claroline	=1.5.4
Claroline Claroline	=1.2
Claroline Claroline	<=1.7.7
Dokeos Open Source Learning And Knowledge Management Tool	=1.5.3
Claroline Claroline	=1.6_beta
Dokeos Open Source Learning And Knowledge Management Tool	=1.6.4
Dokeos Open Source Learning And Knowledge Management Tool	=1.5.5
Dokeos Open Source Learning And Knowledge Management Tool	=1.5.4
Claroline Claroline	=1.7
Claroline Claroline	=1.6_rc1
Dokeos Open Source Learning And Knowledge Management Tool	=1.6.5
Claroline Claroline	=1.7.1
Claroline Claroline	=1.3
Claroline Claroline	=1.7.6
Claroline Claroline	=1.4
Claroline Claroline	=1.5
Dokeos Open Source Learning And Knowledge Management Tool	=1.4
Claroline Claroline	=1.6
Claroline Claroline	=1.5.3
Claroline Claroline	=1.7.3
Dokeos Open Source Learning And Knowledge Management Tool	=1.6.4_p1
Claroline Claroline	=1.7.2

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
vendor/dokeos
product/open source learning and knowledge management tool
canonical/dokeos open source learning and knowledge management tool
vendor/claroline
product/claroline
canonical/claroline claroline
collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/type
agent/event
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
version/dokeos open source learning and knowledge management tool/1.5
version/claroline claroline/1.7.5
version/dokeos open source learning and knowledge management tool/1.6_rc2
version/claroline claroline/1.7.4
version/claroline claroline/1.5.4
version/claroline claroline/1.2
version/claroline claroline/1.7.7
version/dokeos open source learning and knowledge management tool/1.5.3
version/claroline claroline/1.6_beta
version/dokeos open source learning and knowledge management tool/1.6.4
version/dokeos open source learning and knowledge management tool/1.5.5
version/dokeos open source learning and knowledge management tool/1.5.4
version/claroline claroline/1.7
version/claroline claroline/1.6_rc1
version/dokeos open source learning and knowledge management tool/1.6.5
version/claroline claroline/1.7.1
version/claroline claroline/1.3
version/claroline claroline/1.7.6
version/claroline claroline/1.4
version/claroline claroline/1.5
version/dokeos open source learning and knowledge management tool/1.4
version/claroline claroline/1.6
version/claroline claroline/1.5.3
version/claroline claroline/1.7.3
version/dokeos open source learning and knowledge management tool/1.6.4_p1
version/claroline claroline/1.7.2

CVE-2006-4844: Code Injection

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact