CVE-2005-1375

Опубликовано: 03 мая 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Ссылки

http://marc.info/?l=bugtraq&m=111464607103407&w=2
http://secunia.com/advisories/15161
Exploit
Patch
http://secunia.com/advisories/15725
http://securitytracker.com/id?1013822
Exploit
Patch
http://www.claroline.net/news.php#85
Patch
http://www.securityfocus.com/bid/13407
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20298
http://marc.info/?l=bugtraq&m=111464607103407&w=2
http://secunia.com/advisories/15161
Exploit
Patch
http://secunia.com/advisories/15725
http://securitytracker.com/id?1013822
Exploit
Patch
http://www.claroline.net/news.php#85
Patch
http://www.securityfocus.com/bid/13407
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20298

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*

cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01322

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-j7mm-7wm5-3jjp

github

почти 4 года назад