CVE-2005-1375

Claroline 1.5.3-1.6 RC - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Exploits (4)

exploitdb WORKING POC VERIFIED

by K-C0d3r · perlwebappsphp

https://www.exploit-db.com/exploits/1053

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by mh_p0rtal · phpwebappsphp

https://www.exploit-db.com/exploits/1052

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Sieg Fried · textwebappsphp

https://www.exploit-db.com/exploits/25552

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Sieg Fried · textwebappsphp

https://www.exploit-db.com/exploits/25553

View Code ZIP pw:eip

References (7)

[Exploit, Patch] http://www.securityfocus.com/bid/13407

[Exploit, Patch] http://secunia.com/advisories/15161

[Mailing List] http://marc.info/?l=bugtraq&m=111464607103407&w=2

[Patch] http://www.claroline.net/news.php#85

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/20298

[Exploit, Patch] http://securitytracker.com/id?1013822

[Third Party Advisory] http://secunia.com/advisories/15725

Scores

EPSS 0.0132

EPSS Percentile 79.9%

Details

Status published

Products (3)

claroline/claroline 1.5.3

claroline/claroline 1.6_beta

claroline/claroline 1.6_rc1

Published May 03, 2005

Tracked Since Feb 18, 2026