Lucene search

MitreCVE-2006-4844

HistorySep 19, 2006 - 1:07 a.m.

CVE-2006-4844

2006-09-1901:07:00

CWE-94

mitre

web.nvd.nist.gov

cve-2006-4844

php

remote file inclusion

vulnerability

claroline

dokeos

extauthsource

newuser

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.074

Percentile

94.1%

JSON

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

Affected configurations

Nvd

Node

clarolineclarolineRange≤1.7.7

clarolineclarolineMatch1.2

clarolineclarolineMatch1.3

clarolineclarolineMatch1.4

clarolineclarolineMatch1.5

clarolineclarolineMatch1.5.3

clarolineclarolineMatch1.5.4

clarolineclarolineMatch1.6

clarolineclarolineMatch1.6_beta

clarolineclarolineMatch1.6_rc1

clarolineclarolineMatch1.7

clarolineclarolineMatch1.7.1

clarolineclarolineMatch1.7.2

clarolineclarolineMatch1.7.3

clarolineclarolineMatch1.7.4

clarolineclarolineMatch1.7.5

clarolineclarolineMatch1.7.6

dokeosopen_source_learning_and_knowledge_management_toolMatch1.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.3

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.4_p1

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6_rc2

VendorProductVersionCPE
clarolineclaroline*cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
clarolineclaroline1.2cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*
clarolineclaroline1.3cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*
clarolineclaroline1.4cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*
clarolineclaroline1.5cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*
clarolineclaroline1.5.3cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*
clarolineclaroline1.5.4cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*
clarolineclaroline1.6cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*
clarolineclaroline1.6_betacpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*
clarolineclaroline1.6_rc1cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
claroline	claroline	*	cpe:2.3:a:claroline:claroline::::::::
claroline	claroline	1.2	cpe:2.3:a:claroline:claroline:1.2:::::::*
claroline	claroline	1.3	cpe:2.3:a:claroline:claroline:1.3:::::::*
claroline	claroline	1.4	cpe:2.3:a:claroline:claroline:1.4:::::::*
claroline	claroline	1.5	cpe:2.3:a:claroline:claroline:1.5:::::::*
claroline	claroline	1.5.3	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
claroline	claroline	1.5.4	cpe:2.3:a:claroline:claroline:1.5.4:::::::*
claroline	claroline	1.6	cpe:2.3:a:claroline:claroline:1.6:::::::*
claroline	claroline	1.6_beta	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
claroline	claroline	1.6_rc1	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*

Rows per page:

1-10 of 261

References

secunia.com/advisories/21931

secunia.com/advisories/21948

www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8

www.gulftech.org/?node=research&article_id=00112-09142006

www.gulftech.org/?node=research&article_id=00112-09142006&

www.securityfocus.com/bid/20056

www.vupen.com/english/advisories/2006/3638

www.vupen.com/english/advisories/2006/3639

exchange.xforce.ibmcloud.com/vulnerabilities/28943

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.074

Percentile

94.1%

JSON

Related for CVE-2006-4844