Description

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.

Remediation

References

CVE-2006-2868

Related Vulnerabilities

WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.5.4)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5)

Moodle Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2023-30943)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-14251)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

Severity

Medium

Classification

CVE-2006-2868

Tags

Missing Update Known Vulnerabilities