CVE-2007-4742

2007-09-06T19:17:00
ID CVE-2007-4742
Type cve
Reporter cve@mitre.org
Modified 2012-10-30T02:56:00

Description

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.