[Full-disclosure] ZRCSA-200501 - Multiple vulnerabilities in Claroline
From: Siegfried (siegfri3dgmail.com)
Date: Wed Apr 27 2005 - 11:28:13 CDT
Zone-H Research Center Security Advisory 200501
Date of release: 27/04/2005
Software: Claroline (www.claroline.net)
Affected version: 1.6 Release Candidate 1 (probably previous versions too)
Authors: Kevin Fernandez "Siegfried" and Mehdi Oudad "deepfear", from the Zone-H Research Team
Background (from their web site)
Claroline is Open Source software based on PHP/MySQL. It is a collaborative learning environment that allows teachers or educational institutions to create and administer courses through the web.
Multiple cross-site scripting, 10 SQL injection, 7 directory traversal and 4 remote file inclusion vulnerabilities have been found in Claroline.
1) Multiple cross-site scripting vulnerabilities have been found in the following pages:
2) 10 SQL injection vulnerabilities have been found. They could be exploited by users to retrieve the passwords of the admin, of arbitrary teachers or of arbitrary students.
3) Multiple directory traversal vulnerabilities in "claroline/document/document.php" and "claroline/learnPath/insertMyDoc.php" could allow project administrators (teachers) to upload files into arbitrary folders, or to copy, move or delete (and then view) files in arbitrary folders, by performing directory traversal attacks.
4) Four remote file inclusion vulnerabilities have been discovered.
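The checks below are an added illustration of how the directory traversal (item 3) and file inclusion (item 4) classes are closed on the server side; they are not Claroline's code and are not taken from the advisory. The function names, the base directory, the allowlist of module names and the sample paths are all constructed for the example. The traversal check resolves the requested path against the course document root and refuses anything that lands outside it, including escapes through a symlink planted inside the document folder; the inclusion check maps a user-supplied name through a fixed allowlist instead of building an include path from the raw parameter.

```python
import tempfile
from pathlib import Path, PurePosixPath

# Constructed allowlist of include targets; a real application would list its
# own modules here. Anything not in the set is refused, so neither a remote
# URL nor a "../" path can ever reach include().
ALLOWED_MODULES = {"document", "learnPath"}


def resolve_inside(base_dir, user_path):
    """Return the absolute Path that user_path denotes under base_dir, or None
    when the request would escape base_dir via '..', an absolute path, a NUL
    byte or a symlink. The target itself need not exist yet, so the same
    check serves uploads as well as copy/move/delete/view operations."""
    if "\0" in user_path:
        return None
    base = Path(base_dir).resolve()
    # Treat backslashes as separators so "..\\" cannot slip past the check.
    rel = PurePosixPath(user_path.replace("\\", "/"))
    if rel.is_absolute():
        return None
    # resolve() collapses '.' and '..' lexically and follows symlinks in the
    # part of the path that already exists.
    candidate = (base / rel).resolve()
    if candidate != base and base not in candidate.parents:
        return None
    return candidate


def resolve_include(module_name, include_dir):
    """Map a user-supplied module name to a file through ALLOWED_MODULES.
    Returns None for anything outside the allowlist (remote URLs, traversal
    sequences, unknown names)."""
    if module_name not in ALLOWED_MODULES:
        return None
    return Path(include_dir) / f"{module_name}.php"


def demo():
    """Exercise the checks against a constructed course layout in a temp dir.
    Returns a dict of case name -> whether the check behaved as intended."""
    root = Path(tempfile.mkdtemp())
    docs = root / "course1" / "document"
    docs.mkdir(parents=True)
    secrets = root / "secrets"
    secrets.mkdir()
    results = {
        "plain upload path accepted": resolve_inside(docs, "notes/report.pdf") == docs / "notes" / "report.pdf",
        "dot-dot escape refused": resolve_inside(docs, "../../secrets/db.inc") is None,
        "absolute path refused": resolve_inside(docs, "/etc/passwd") is None,
        "backslash escape refused": resolve_inside(docs, "..\\..\\secrets\\db.inc") is None,
        "harmless dot-dot inside root accepted": resolve_inside(docs, "a/../b.txt") == docs / "b.txt",
        "remote include refused": resolve_include("http://attacker.example/shell.php", root) is None,
        "allowlisted include accepted": resolve_include("document", root) == root / "document.php",
    }
    try:
        # A symlink inside the document root pointing outside it: the path
        # looks local but resolves elsewhere, so it must be refused too.
        (docs / "link").symlink_to(secrets)
        results["symlink escape refused"] = resolve_inside(docs, "link/db.inc") is None
    except OSError:
        pass  # platform without symlink support; skip this case
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}: {name}")
```

The containment test compares resolved paths rather than string prefixes, so a base of `/srv/docs` does not accidentally admit `/srv/docs-old/x`. For the inclusion case the point is that the parameter never reaches the file system or include mechanism at all; only a value from the fixed set is turned into a path.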
Claroline users are urged to update to version 1.54 or 1.6 final.
Timeline:
18/04 Vulnerabilities found
22/04 Vendor contacted (quick answer)
25/04 Claroline 1.54 released
26/04 Claroline 1.6 final released
27/04 Users alerted via the mailing list
27/04 Advisory released
French version available here: http://fr.zone-h.org/fr/advisories/read/id=180/
English version: http://www.zone-h.org/advisories/read/id=7472
Zone-H Research Center
Join us on #zone-h irc.eu.freenode.net
You can contact the team leader at deepfearfr.zone-h.org
Thanks to University Montpellier 2.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/