CVE-2007-4742
Claroline < 1.8.5 - Authenticated Sensitive Information Exposure via Admin Users Sort Parameter
Title source: llmDescription
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://www.claroline.net/forum/viewtopic.php?t=13448
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39160
Various Sources x_refsource_misc
http://cvs.claroline.net/cgi-bin/viewcvs.cgi/claroline/claroline/admin/adminusers.php?only_with_tag=V_1_8&r2=1.109.2.1&r1=1.10
Scores
EPSS
0.0104
EPSS Percentile
60.1%
Details
CWE
CWE-20
Status
published
Products (1)
claroline/claroline
< 1.8.5
Published
Sep 06, 2007
Tracked Since
Feb 18, 2026