Description

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.

Remediation

References

CVE-2006-1594

Related Vulnerabilities

WordPress Plugin User Submitted Posts Cross-Site Scripting (20151113)

Oracle Database Server CVE-2010-2419 Vulnerability (CVE-2010-2419)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.20)

Sqlite Out-of-bounds Read Vulnerability (CVE-2021-31239)

jQuery Validation Other Vulnerability (CVE-2021-43306)

Severity

High

Classification

CVE-2006-1594

Tags

Missing Update Known Vulnerabilities