Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion

2007-07-31T00:00:00
ID OSVDB:38987
Type osvdb
Reporter OSVDB
Modified 2007-07-31T00:00:00

Description

Manual Testing Notes

http://[target]/inc/lib/languages.lib.php?language=../../[file]

References:

Vendor Specific News/Changelog Entry: http://www.claroline.net/forum/viewtopic.php?t=13533 Vendor Specific News/Changelog Entry: http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security Secunia Advisory ID:26685 FrSIRT Advisory: ADV-2007-3045 CVE-2007-4718 Bugtraq ID: 25521