Description
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.
Remediation
References
Related Vulnerabilities
MySQL Improper Access Control Vulnerability (CVE-2015-3152)
WordPress Plugin Lazy Load Cross-Site Scripting (0.6)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-4864)
Oracle JRE CVE-2013-5783 Vulnerability (CVE-2013-5783)
WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)