Description

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Remediation

References

CVE-2005-1375

Related Vulnerabilities

WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter Multiple Vulnerabilities (3.71)

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (2.0.2)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.8)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1365)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.16)

Severity

High

Classification

CVE-2005-1375

Tags

Missing Update Known Vulnerabilities