claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
References
Configurations
Information
Published : 2006-01-25 03:03
Updated : 2017-07-19 18:29
NVD link : CVE-2006-0411
Mitre link : CVE-2006-0411
JSON object : View
CWE
Products Affected
claroline
- claroline