CVE-2007-4742

Claroline < 1.8.5 - Authenticated Sensitive Information Exposure via Admin Users Sort Parameter

Title source: llm
STIX 2.1

Description

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://www.claroline.net/forum/viewtopic.php?t=13448
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39160

Scores

EPSS 0.0104
EPSS Percentile 60.1%

Details

CWE
CWE-20
Status published
Products (1)
claroline/claroline < 1.8.5
Published Sep 06, 2007
Tracked Since Feb 18, 2026