Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-1595
Last Modified: 07 Mar 2011 09:33:24
Published: 03 Apr 2006 06:04:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-1595

Summary

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

Vulnerable Systems

Application

  • Claroline 1.5
  • Claroline 1.5.3
  • Claroline 1.5.4
  • Claroline 1.6
  • Claroline 1.6 Beta
  • Claroline 1.6 Rc1
  • Claroline 1.7.2
  • Claroline 1.7.4


References

XF - claroline-rqmkhtml-xss(25562)

VUPEN - ADV-2006-1187

BID - 17344

OSVDB - 24285

SECUNIA - 19461

MISC - http://retrogod.altervista.org/claroline_174_incl_xpl.html

FULLDISC - 20060331 Re: [Full-disclosure] Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit by rgod

OSVDB - 24284

MILW0RM - 1627


Last Updated: 27 May 2016 10:42:08