Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Remediation

References

CVE-2006-0411

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2004-2186)

WordPress Plugin Team Members Unspecified Vulnerability (2.1.2)

PHP Other Vulnerability (CVE-2006-7204)

WordPress Plugin ImageBoss-Images Up To 60% Smaller & CDN Cross-Site Scripting (3.0.4)

MySQL CVE-2015-0501 Vulnerability (CVE-2015-0501)

Severity

Critical

Classification

CVE-2006-0411

Tags

Missing Update Known Vulnerabilities