Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Claroline E-Learning应用多个远程输入验证漏洞
Vulnerability Description
Claroline E-Learning Application是一种基于Web网络教学系统。 Claroline在处理用户请求时存在多个输入验证漏洞,远程攻击者可能利用这些漏洞非授权操作数据库,在用户浏览器中执行恶意代码,造成信息泄露或数据破坏。 Claroline的多个脚本没有充分检查过滤用户的参数数据,远程攻击者可以利用来执行SQL注入、跨站脚本执行等攻击。 <**>
CVSS Information
N/A
Vulnerability Type
N/A