ID OSVDB:16539 Type osvdb Reporter Sieg Fried(Siegfried@zone-h.org) Modified 2005-04-27T08:26:58
Description
Vulnerability Description
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claro_init_header.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Solution Description
Upgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claro_init_header.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
{"type": "osvdb", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16539", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 7, "edition": 1, "reporter": "Sieg Fried(Siegfried@zone-h.org)", "title": "Claroline claro_init_header.inc.php Remote File Inclusion", "affectedSoftware": [{"operator": "eq", "version": "1.5.3", "name": "Claroline"}, {"operator": "eq", "version": "1.6 Release Candidate 1", "name": "Claroline"}, {"operator": "eq", "version": "1.6 beta", "name": "Claroline"}], "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1377"]}, {"type": "osvdb", "idList": ["OSVDB:16541", "OSVDB:16540", "OSVDB:16542"]}, {"type": "nessus", "idList": ["CLAROLINE_MULT_VULNS.NASL"]}], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 7.4}, "references": [], "id": "OSVDB:16539", "lastseen": "2017-04-28T13:20:12", "cvelist": ["CVE-2005-1377"], "modified": "2005-04-27T08:26:58", "description": "## Vulnerability Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claro_init_header.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claro_init_header.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16542](https://vulners.com/osvdb/OSVDB:16542)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16540](https://vulners.com/osvdb/OSVDB:16540)\n[Related OSVDB ID: 16541](https://vulners.com/osvdb/OSVDB:16541)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20300\n[CVE-2005-1377](https://vulners.com/cve/CVE-2005-1377)\nBugtraq ID: 13407\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:54", "description": "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.", "edition": 3, "cvss3": {}, "published": "2005-05-03T04:00:00", "title": "CVE-2005-1377", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1377"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:claroline:claroline:1.6_rc1", "cpe:/a:claroline:claroline:1.6_beta", "cpe:/a:claroline:claroline:1.5.3"], "id": "CVE-2005-1377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1377", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1377"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to introductionSection.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to introductionSection.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16542](https://vulners.com/osvdb/OSVDB:16542)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16541](https://vulners.com/osvdb/OSVDB:16541)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20300\n[CVE-2005-1377](https://vulners.com/cve/CVE-2005-1377)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16540", "id": "OSVDB:16540", "type": "osvdb", "title": "Claroline introductionSection.inc.php Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1377"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin.lib.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin.lib.inc.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16542](https://vulners.com/osvdb/OSVDB:16542)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16540](https://vulners.com/osvdb/OSVDB:16540)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20300\n[CVE-2005-1377](https://vulners.com/cve/CVE-2005-1377)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16541", "id": "OSVDB:16541", "type": "osvdb", "title": "Claroline admin.lib.inc.php Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1377"], "edition": 1, "description": "## Vulnerability Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tool_access_details.lib.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.4, 1.6 final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nClaroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to tool_access_details.lib.php not properly sanitizing user supplied input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.claroline.net/\n[Vendor Specific Advisory URL](http://www.claroline.net/news.php#85)\nSecurity Tracker: 1013822\n[Secunia Advisory ID:15161](https://secuniaresearch.flexerasoftware.com/advisories/15161/)\n[Related OSVDB ID: 16520](https://vulners.com/osvdb/OSVDB:16520)\n[Related OSVDB ID: 16539](https://vulners.com/osvdb/OSVDB:16539)\n[Related OSVDB ID: 16537](https://vulners.com/osvdb/OSVDB:16537)\n[Related OSVDB ID: 16530](https://vulners.com/osvdb/OSVDB:16530)\n[Related OSVDB ID: 16540](https://vulners.com/osvdb/OSVDB:16540)\n[Related OSVDB ID: 16541](https://vulners.com/osvdb/OSVDB:16541)\nOther Advisory URL: http://www.zone-h.org/advisories/read/id=7472\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0467.html\nKeyword: Zone-H Research Center Security Advisory 200501\nISS X-Force ID: 20300\n[CVE-2005-1377](https://vulners.com/cve/CVE-2005-1377)\nBugtraq ID: 13407\n", "modified": "2005-04-27T08:26:58", "published": "2005-04-27T08:26:58", "href": "https://vulners.com/osvdb/OSVDB:16542", "id": "OSVDB:16542", "type": "osvdb", "title": "Claroline tool_access_details.lib.php Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T01:33:54", "description": "The version of Claroline (an open source, collaborative learning\nenvironment) installed on the remote host suffers from a number of\nremotely-exploitable vulnerabilities, including:\n\n - Multiple Remote File Include Vulnerabilities\n Four scripts let an attacker read arbitrary files on the \n remote host and possibly even run arbitrary PHP code, \n subject to the privileges of the web server user.\n\n - Multiple SQL Injection Vulnerabilities\n Seven scripts let an attacker inject arbitrary input\n into SQL statements, potentially revealing sensitive\n data or altering them.\n\n - Multiple Cross-Site Scripting Vulnerabilities\n An attacker can pass arbitrary HTML and script code\n through any of 10 flawed scripts and potentially have\n that code executed by a user's browser in the context \n of the affected website.\n\n - Multiple Directory Traversal Vulnerabilities\n By exploiting flaws in 'claroline/document/document.php' \n and 'claroline/learnPath/insertMyDoc.php', project leaders\n (teachers) are able to upload files to arbitrary folders \n or copy/move/delete (then view) files of arbitrary folders.", "edition": 23, "published": "2005-04-29T00:00:00", "title": "Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1376", "CVE-2005-1375", "CVE-2005-1377", "CVE-2005-1374"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "CLAROLINE_MULT_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/18165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18165);\n script_version(\"1.21\");\n\n script_cve_id(\n \"CVE-2005-1374\", \n \"CVE-2005-1375\", \n \"CVE-2005-1376\", \n \"CVE-2005-1377\"\n );\n script_bugtraq_id(13407);\n\n script_name(english:\"Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is prone to a\nvariety of attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Claroline (an open source, collaborative learning\nenvironment) installed on the remote host suffers from a number of\nremotely-exploitable vulnerabilities, including:\n\n - Multiple Remote File Include Vulnerabilities\n Four scripts let an attacker read arbitrary files on the \n remote host and possibly even run arbitrary PHP code, \n subject to the privileges of the web server user.\n\n - Multiple SQL Injection Vulnerabilities\n Seven scripts let an attacker inject arbitrary input\n into SQL statements, potentially revealing sensitive\n data or altering them.\n\n - Multiple Cross-Site Scripting Vulnerabilities\n An attacker can pass arbitrary HTML and script code\n through any of 10 flawed scripts and potentially have\n that code executed by a user's browser in the context \n of the affected website.\n\n - Multiple Directory Traversal Vulnerabilities\n By exploiting flaws in 'claroline/document/document.php' \n and 'claroline/learnPath/insertMyDoc.php', project leaders\n (teachers) are able to upload files to arbitrary folders \n or copy/move/delete (then view) files of arbitrary folders.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d5e500e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Claroline version 1.5.4 / 1.6.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/27\");\n script_cvs_date(\"Date: 2018/06/13 18:56:26\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple input validation vulnerabilities in Claroline < 1.5.4 / 1.6.0\";\n\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"claroline_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/claroline\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded: 0);\nif (!can_host_php(port:port)) exit(0);\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/claroline\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches))\n{\n dir = matches[2];\n\n # Check for the vulnerability by trying to grab a file.\n r = http_send_recv3(method:\"GET\", port: port,\n item:string(\n dir, \"/claroline/inc/claro_init_header.inc.php?\",\n \"includePath=/etc/passwd%00\"));\n if (isnull(r)) exit(0);\n res = r[2];\n\n # It's a problem if there's an entry for root.\n if (egrep(string:res, pattern:\"root:.+:0:\")) {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
