Lucene search

[email protected]NVD:CVE-2006-4844

HistorySep 19, 2006 - 1:07 a.m.

CVE-2006-4844

2006-09-1901:07:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.074

Percentile

94.1%

JSON

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

Affected configurations

Nvd

Node

clarolineclarolineRange≤1.7.7

clarolineclarolineMatch1.2

clarolineclarolineMatch1.3

clarolineclarolineMatch1.4

clarolineclarolineMatch1.5

clarolineclarolineMatch1.5.3

clarolineclarolineMatch1.5.4

clarolineclarolineMatch1.6

clarolineclarolineMatch1.6_beta

clarolineclarolineMatch1.6_rc1

clarolineclarolineMatch1.7

clarolineclarolineMatch1.7.1

clarolineclarolineMatch1.7.2

clarolineclarolineMatch1.7.3

clarolineclarolineMatch1.7.4

clarolineclarolineMatch1.7.5

clarolineclarolineMatch1.7.6

dokeosopen_source_learning_and_knowledge_management_toolMatch1.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.3

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.5.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.4

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.4_p1

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6.5

dokeosopen_source_learning_and_knowledge_management_toolMatch1.6_rc2

VendorProductVersionCPE
clarolineclaroline*cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
clarolineclaroline1.2cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*
clarolineclaroline1.3cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*
clarolineclaroline1.4cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*
clarolineclaroline1.5cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*
clarolineclaroline1.5.3cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*
clarolineclaroline1.5.4cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*
clarolineclaroline1.6cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*
clarolineclaroline1.6_betacpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*
clarolineclaroline1.6_rc1cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
claroline	claroline	*	cpe:2.3:a:claroline:claroline::::::::
claroline	claroline	1.2	cpe:2.3:a:claroline:claroline:1.2:::::::*
claroline	claroline	1.3	cpe:2.3:a:claroline:claroline:1.3:::::::*
claroline	claroline	1.4	cpe:2.3:a:claroline:claroline:1.4:::::::*
claroline	claroline	1.5	cpe:2.3:a:claroline:claroline:1.5:::::::*
claroline	claroline	1.5.3	cpe:2.3:a:claroline:claroline:1.5.3:::::::*
claroline	claroline	1.5.4	cpe:2.3:a:claroline:claroline:1.5.4:::::::*
claroline	claroline	1.6	cpe:2.3:a:claroline:claroline:1.6:::::::*
claroline	claroline	1.6_beta	cpe:2.3:a:claroline:claroline:1.6_beta:::::::*
claroline	claroline	1.6_rc1	cpe:2.3:a:claroline:claroline:1.6_rc1:::::::*