[VulnWatch] ZRCSA-200501 - Multiple vulnerabilities in Claroline
From: Siegfried (siegfri3d_at_gmail.com)
To: <email@example.com> Date: Wed, 27 Apr 2005 21:29:16 +0200
Zone-H Research Center Security Advisory 200501
Date of release: 27/04/2005
Software: Claroline (www.claroline.net)
1.6 Release Candidate 1
(probably previous versions too)
Kevin Fernandez "Siegfried"
Mehdi Oudad "deepfear"
from the Zone-H Research Team
Background (from their web site)
Claroline is an Open Source software based on PHP/MySQL. It's a collaborative learning environment allowing teachers or education institutions to create and administer courses through the web.
Multiple Cross site scripting, 10 SQL injection, 7 directory traversal and 4 remote file inclusion vulnerabilities have been found in Claroline.
1)Multiple Cross site scripting vulnerabilities have been found in the following pages:
2)10 SQL injections have been found, they could be exploited by users to retrieve the passwords of the admin, arbitrary teachers or students.
3)Multiple directory traversal vulnerabilities in "claroline/document/document.php" and "claroline/learnPath/insertMyDoc.php" could allow project administrators (teachers) to upload files in arbitrary folders or copy/move/delete (then view) files of arbitrary folders by performing directory traversal attacks.
4)Four remote file inclusion vulnerabilities have been discovered.
The Claroline users are urged to update to version 1.54 or 1.6 final:
18/04 Vulnerabilities found
22/04 Vendor contacted (quick answer)
25/04 Claroline 1.54 released
26/04 Claroline 1.6 final released
27/04 Users alerted via the mailing list
27/04 Advisory released
Zone-H Research Center
Join us on #zone-h @ irc.eu.freenode.net
You can contact the team leader at firstname.lastname@example.org
Thanks to University Montpellier 2.