Summary
The host is running Claroline and is prone to SQL Injection Vulnerability.
Impact
Successful exploitation will allow attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: Application
Solution
upgrade to the version version 1.8.12 or later
For updates refer tohttp://www.claroline.net/download/stable.html
Insight
The flaw is due to,
- error in 'claroline/linker/notfound.php' which is not properly sanitising input data passed via the 'Referer' header, before being returned to the user.
- error in 'group/group.php' which is not properly sanitising input data passed to the 'sort' parameter, before being used in an SQL query.
Affected
Claroline Version 1.8.11 and prior
References
Severity
Classification
-
CVE CVE-2009-1907 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities