Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-4742
Last Modified: 29 Oct 2012 10:56:35
Published: 06 Sep 2007 03:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4742

Summary

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.

Vulnerable Systems

Application

  • Claroline 1.8.5


References

CONFIRM - http://www.claroline.net/forum/viewtopic.php?t=13448

MISC - http://cvs.claroline.net/cgi-bin/viewcvs.cgi/claroline/claroline/admin/adminusers.php?only_with_tag=V_1_8&r2=1.109.2.1&r1=1.10

OSVDB - 39160


Last Updated: 27 May 2016 10:47:14