CVE-2005-1375

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=111464607103407&w=2
http://secunia.com/advisories/15161	Exploit Patch
http://secunia.com/advisories/15725
http://securitytracker.com/id?1013822	Exploit Patch
http://www.claroline.net/news.php#85	Patch
http://www.securityfocus.com/bid/13407	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20298

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*

History

No history.

Information

Published : 2005-05-03 04:00

Updated : 2024-02-04 16:52

NVD link : CVE-2005-1375

Mitre link : CVE-2005-1375

CVE.ORG link : CVE-2005-1375

JSON object : View

Products Affected

claroline

claroline

CWE

NVD-CWE-Other

{"id": "CVE-2005-1375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-03T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=111464607103407&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15161", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15725", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013822", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.claroline.net/news.php#85", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13407", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20298", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php."}], "lastModified": "2017-07-11T01:32:37.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E5AD48-31AA-4A9E-969A-6E45E4B6F827"}, {"criteria": "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3FF8764-0B6C-439B-9333-473F54B9921A"}, {"criteria": "cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58F1F26-B87D-4445-AB31-0648A7B32E3F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}