Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-04-03T10:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2006-04-03T00:00:00
Link: CVE-2006-1594
JSON object: View
NVD Information
Status : Modified
Published: 2006-04-03T10:04:00.000
Modified: 2017-10-11T01:30:46.577
Link: CVE-2006-1594
JSON object: View
Redhat Information
No data.
CWE