Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Remediation

References

CVE-2006-0411

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7846)

Lighttpd Other Vulnerability (CVE-2011-4362)

WordPress Plugin Bliss Gallery Arbitrary File Upload (2.3)

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

WordPress Plugin Auto Publish for Google My Business Cross-Site Scripting (3.3)

Severity

Critical

Classification

CVE-2006-0411

Tags

Missing Update Known Vulnerabilities