Description

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.

Remediation

References

CVE-2006-2868

Related Vulnerabilities

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-33338)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Request Forgery (8.0.7)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0009)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2935)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)

Severity

Medium

Classification

CVE-2006-2868

Tags

Missing Update Known Vulnerabilities