Multiple SQL Injection Vulnerabilities in Claroline and Dokeos

Multiple SQL Injection Vulnerabilities in Claroline and Dokeos

CVE-2005-1375 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.