Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Claroline Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4844)

Description

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

Remediation

References

Related Vulnerabilities

Oracle Application Server CVE-2007-5521 Vulnerability (CVE-2007-5521)

Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2021-30640)

Oracle JRE CVE-2014-0429 Vulnerability (CVE-2014-0429)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Unspecified Vulnerability (1.7.12)

WordPress Plugin Yes/No Chart SQL Injection (1.0.11)

Severity

Medium

Classification

CVE-2006-4844 CWE-94

Tags

Missing Update Known Vulnerabilities