CVE-2005-1376

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.claroline.net/news.php#85	Patch
http://www.securityfocus.com/bid/13407	Patch
http://securitytracker.com/id?1013822	Patch
http://secunia.com/advisories/15161	Patch
http://secunia.com/advisories/15725
http://marc.info/?l=bugtraq&m=111464607103407&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20287

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*

Information

Published : 2005-05-02 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1376

Mitre link : CVE-2005-1376

JSON object : View

CWE

NVD-CWE-Other

Products Affected

claroline

claroline

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.claroline.net/news.php#85", "name": "http://www.claroline.net/news.php#85", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/13407", "name": "13407", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1013822", "name": "1013822", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/15161", "name": "15161", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/15725", "name": "15725", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111464607103407&w=2", "name": "20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20287", "name": "claroline-document-directory-traversal(20287)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1376", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-03T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}

7.5 /10