Claroline Local File Include and Cross-Site Scripting Vulnerabilities

Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities.

An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which may aid in further attacks.The attacker may also be able to execute arbitray code in the context of the webserver. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Claroline 1.8.6 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus