Description
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
Remediation
References