CVE-2006-5256

PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-12 06:07:00.000-04
Last Modified2018-10-17 05:41:55.000-04

Vulnerable Software List

VendorProductVersions
Claroline Claroline 1.2, 1.3, 1.4, 1.5, 1.5.3, 1.5.4, 1.6, 1.6 beta, 1.6 rc1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.8.0

References

SourceLink
SREASON1719
SECTRACK1017044
BUGTRAQ20061010 claroline <= 180rc1 Remote File Inclusion
BID20444
VUPENADV-2006-3996
XFclaroline-import-file-include(29426)
EXPLOIT-DB2510