Description
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Remediation
References
Related Vulnerabilities
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636)
PHP Improper Input Validation Vulnerability (CVE-2016-4071)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)
WordPress Plugin VM Backups Cross-Site Request Forgery (1.0)
WordPress Plugin Hana Flv Player Cross-Site Scripting (3.1.3)