Description

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.

Remediation

References

CVE-2006-1594

Related Vulnerabilities

WordPress Plugin Zedna eBook download Directory Traversal (1.1)

WebLogic Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5638)

WordPress Plugin Facebook-this Spam Links Injection (2.5)

WordPress Plugin External Links-nofollow, noopener & new window Multiple Cross-Site Scripting Vulnerabilities (1.80)

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2006-1594

Tags

Missing Update Known Vulnerabilities