CVE-2006-4844

Current Description

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

Evaluator Description

Successful exploitation requires that "register_globals" is enabled. This vulnerability is addressed in the following product release: Claroline, Claroline, 1.7.8

Basic Data

Published: September 19, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Version End Including
    2.3 | Application | Claroline | Claroline | 1.2 |
    2.3 | Application | Claroline | Claroline | 1.3 |
    2.3 | Application | Claroline | Claroline | 1.4 |
    2.3 | Application | Claroline | Claroline | 1.5 |
    2.3 | Application | Claroline | Claroline | 1.5.3 |
    2.3 | Application | Claroline | Claroline | 1.5.4 |
    2.3 | Application | Claroline | Claroline | 1.6 |
    2.3 | Application | Claroline | Claroline | 1.6_beta |
    2.3 | Application | Claroline | Claroline | 1.6_rc1 |
    2.3 | Application | Claroline | Claroline | 1.7 |
    2.3 | Application | Claroline | Claroline | 1.7.1 |
    2.3 | Application | Claroline | Claroline | 1.7.2 |
    2.3 | Application | Claroline | Claroline | 1.7.3 |
    2.3 | Application | Claroline | Claroline | 1.7.4 |
    2.3 | Application | Claroline | Claroline | 1.7.5 |
    2.3 | Application | Claroline | Claroline | 1.7.6 |
    2.3 | Application | Claroline | Claroline | * | 1.7.7
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.4 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.5 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.5.3 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.5.4 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.5.5 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.6.4 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.6.4_p1 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.6.5 |
    2.3 | Application | Dokeos | Open Source Learning And Knowledge Management Tool | 1.6_rc2 |
    (In every row the Update, Edition, Language, SW Edition, Target SW, Target HW and Other fields are "*"; the Version Start Including, Version Start Excluding and Version End Excluding fields are empty.)

Vulnerable Software List

Vendor | Product | Versions
Dokeos | Open Source Learning And Knowledge Management Tool | 1.4, 1.5, 1.5.3, 1.5.4, 1.5.5, 1.6.4, 1.6.4_p1, 1.6.5, 1.6_rc2
Claroline | Claroline | *, 1.2, 1.3, 1.4, 1.5, 1.5.3, 1.5.4, 1.6, 1.6_beta, 1.6_rc1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6

References

Name | URL | Source | Tags
21931 | http://secunia.com/advisories/21931 | SECUNIA | Exploit, Patch, Vendor Advisory
21948 | http://secunia.com/advisories/21948 | SECUNIA | Vendor Advisory
http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8 | http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7 | CONFIRM | Patch
http://www.gulftech.org/?node=research&article_id=00112-09142006 | http://www.gulftech.org/?node=research&article_id=00112-09142006 | MISC | Exploit
http://www.gulftech.org/?node=research&article_id=00112-09142006& | http://www.gulftech.org/?node=research&article_id=00112-09142006& | MISC |
20056 | http://www.securityfocus.com/bid/20056 | BID | Patch
ADV-2006-3638 | http://www.vupen.com/english/advisories/2006/3638 | VUPEN | Vendor Advisory
ADV-2006-3639 | http://www.vupen.com/english/advisories/2006/3639 | VUPEN | Vendor Advisory
claroline-claro-file-include(28943) | https://exchange.xforce.ibmcloud.com/vulnerabilities/28943 | XF |