Description
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.
Remediation
References
Related Vulnerabilities
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.18)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)
Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)
Oracle JRE CVE-2018-2794 Vulnerability (CVE-2018-2794)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9015)