Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Claroline 跨站脚本漏洞
Vulnerability Description
Claroline是Claroline开源的一个开源学习管理系统。 Claroline 13.5.7版本及之前版本存在安全漏洞。攻击者利用该漏洞通过任意创建特权用户来提升权限。
CVSS Information
N/A
Vulnerability Type
N/A