CVE-2005-1377

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.claroline.net/news.php#85	Patch
http://www.securityfocus.com/bid/13407	Exploit Patch
http://securitytracker.com/id?1013822	Exploit Patch
http://secunia.com/advisories/15161	Exploit Patch
http://secunia.com/advisories/15725
http://marc.info/?l=bugtraq&m=111464607103407&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20300

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*

Information

Published : 2005-05-02 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1377

Mitre link : CVE-2005-1377

JSON object : View

CWE

NVD-CWE-Other

Products Affected

claroline

claroline

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.claroline.net/news.php#85", "name": "http://www.claroline.net/news.php#85", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/13407", "name": "13407", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1013822", "name": "1013822", "tags": ["Exploit", "Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/15161", "name": "15161", "tags": ["Exploit", "Patch"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/15725", "name": "15725", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111464607103407&w=2", "name": "20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20300", "name": "claroline-file-include(20300)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1377", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-05-03T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}

7.5 /10