Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2598

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2598
Last Modified 05 Sep 2008 04:52:11
Published 17 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2598

Summary

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.

Vulnerable Systems

Application

  • Dokeos 1.6


References

SECUNIA - 16407

FULLDISC - 20050812 Multiple directory traversal vulnerabilities in Claroline

FULLDISC - 20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline


Last Updated: 27 May 2016 10:40:34