Description
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin BIC Media Widget Cross-Site Scripting (1.0)
WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.50)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3)
WordPress Plugin 3DPrint Lite Arbitrary File Upload (1.9.1.4)