Directory traversal

2006-04-0310:04:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use “…” (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.

CPENameOperatorVersion
clarolineeq1.5.4
clarolineeq1.6.0-beta
clarolineeq1.6.0-rc1
clarolineeq1.5
clarolineeq1.6
clarolineeq1.5.3
clarolinele1.7.4
clarolineeq1.7.2