Description

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.

Remediation

References

CVE-2006-2868

Related Vulnerabilities

WordPress Plugin WebP Express Unspecified Vulnerability (0.14.21)

WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)

Python CVE-2019-16056 Vulnerability (CVE-2019-16056)

WordPress Plugin JS Help Desk (formerly JS Support Ticket) SQL Injection (2.1.0)

Oracle Application Server Other Vulnerability (CVE-2004-1707)

Severity

Medium

Classification

CVE-2006-2868

Tags

Missing Update Known Vulnerabilities