Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Claroline includePath Parameter Remote File Include Vulnerability


Vulnerability Assessment Details

Claroline includePath Parameter Remote File Include Vulnerability

Vulnerability Assessment Summary
Tries to read a local file using Claroline

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is prone to
remote file inclusion attacks.

Description :

The remote host is running Claroline, an open-source, web-based,
collaborative learning environment written in PHP.

The version of Claroline installed on the remote host fails to
sanitize input to the 'includePath' parameter before using it to
include PHP code in the 'claroline/auth/extauth/drivers/mambo.inc.php'
and 'claroline/auth/extauth/drivers/postnuke.inc.php' scripts.
Provided PHP's 'register_globals' setting is enabled, an
unauthenticated attacker may be able to exploit these flaws to view
arbitrary files on the remote host or to execute arbitrary PHP code,
possibly taken from third-party hosts.

See also :

http://downloads.securityfocus.com/vulnerabilities/exploits/claroline-lteq1.7.6-rfi.txt

Solution :

Unknown at this time.

Network Security Threat Level:

Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors


Lenovo ThinkPad x250 12.5

Lenovo ThinkPad x250 12.5" Touch Laptop Intel i5 8GB RAM 128GB SSD Windows 10

$85.50



Lenovo ThinkPad T495s Laptop AMD Ryzen 7 PRO 3700U 16GB RAM 256GB SSD Windows 10 picture

Lenovo ThinkPad T495s Laptop AMD Ryzen 7 PRO 3700U 16GB RAM 256GB SSD Windows 10

$259.99



Lenovo ThinkPad E580 15.6

Lenovo ThinkPad E580 15.6" Laptop Intel Core i5 8GB RAM 128GB SSD Windows 11

$139.49



Lenovo ThinkBook 15 Gen 4 Notebook 15.6

Lenovo ThinkBook 15 Gen 4 Notebook 15.6" FHD AMD R7 5825U 16GB RAM 512GB SSD

$529.99



Lenovo ThinkBook 15 Gen 4 Notebook 15.6

Lenovo ThinkBook 15 Gen 4 Notebook 15.6" FHD Intel Core i7-1255U 8GB RAM

$544.99



Lenovo - Legion Slim 5 16

Lenovo - Legion Slim 5 16" Gaming Laptop WUXGA - Ryzen 5 7640HS with 16GB Mem...

$1349.99



Lenovo Legion Pro 5i 16

Lenovo Legion Pro 5i 16" Gaming Laptop RTX 4070 8GB i9-13900HX 16GB RAM 1TB SSD

$1369.99



Lenovo ThinkPad T490s Touchscreen Laptop, i7-8565u, 16GB RAM, Grade B picture

Lenovo ThinkPad T490s Touchscreen Laptop, i7-8565u, 16GB RAM, Grade B

$180.00



Lenovo Thinkpad T490s Core i7 8665U 16GB 512GB Touchscreen Windows 11 Pro picture

Lenovo Thinkpad T490s Core i7 8665U 16GB 512GB Touchscreen Windows 11 Pro

$289.00



Lenovo ThinkPad L13 Yoga Gen 2 i5-1145G7 @ 2.60GHz 16GB/256GB Win 10 Pro - W/Pen picture

Lenovo ThinkPad L13 Yoga Gen 2 i5-1145G7 @ 2.60GHz 16GB/256GB Win 10 Pro - W/Pen

$279.99



Discussions

No Discussions have been posted on this vulnerability.