CVE-2005-1375

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.claroline.net/news.php#85	Patch
http://www.securityfocus.com/bid/13407	Exploit Patch
http://securitytracker.com/id?1013822	Exploit Patch
http://secunia.com/advisories/15161	Exploit Patch
http://secunia.com/advisories/15725
http://marc.info/?l=bugtraq&m=111464607103407&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20298

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*

Information

Published : 2005-05-02 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1375

Mitre link : CVE-2005-1375

JSON object : View

CWE

NVD-CWE-Other

Products Affected

claroline

claroline

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.claroline.net/news.php#85", "name": "http://www.claroline.net/news.php#85", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/13407", "name": "13407", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1013822", "name": "1013822", "tags": ["Exploit", "Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/15161", "name": "15161", "tags": ["Exploit", "Patch"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/15725", "name": "15725", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111464607103407&w=2", "name": "20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20298", "name": "claroline-multiple-sql-injection(20298)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1375", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-03T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}

7.5 /10