Description

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.

Remediation

References

CVE-2005-1376

Related Vulnerabilities

WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3156)

PHP Improper Input Validation Vulnerability (CVE-2009-3291)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2698)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

Severity

High

Classification

CVE-2005-1376

Tags

Missing Update Known Vulnerabilities