NVD

Id
65591  
Name
CVE-2006-7048  
Description
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2007-02-23  
Modified Date
2008-09-05  
Seq
2006-7048  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
341772 65591 CVE-2006-7048 20060508 Claroline file inclusion vulnerabilities  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
52585 JVNDB-2007-001277 Claroline における PHP リモートファイルインクルージョンの脆弱性 Claroline には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2006-7048 23150 CVE-2006-7048 65591 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001277.html 2007-02-23 2012-06-26 View