Technical Description

Multiple vulnerabilities have been identified in Claroline, which could be exploited by remote attackers to execute malicious scripting code or disclose the contents of arbitrary files.

The first issue is caused by an input validation error in the "inc/lib/language.lib.php" script when processing the "language" parameter, which could be exploited by malicious users to include local files with the privileges of the web server.

The second vulnerability is caused by input validation errors in the "admin/adminusers.php", "admin/advancedUserSearch.php" and "admin/campusProblem.php" scripts when processing the "dir", "action" and "view" parameters, which could be exploited by malicious people to conduct cross site scripting attacks.

Affected Products

Claroline version '1.8.5' and prior

Solution

Upgrade to Claroline version 1.8.6 : http://www.claroline.net/download/stable.html

References

http://www.frsirt.com/english/advisories/2007/3045 http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security http://www.claroline.net/forum/viewtopic.php?t=13448 http://www.claroline.net/forum/viewtopic.php?t=13533

Credits

Vulnerabilities reported by Fernando Munoz.

ChangeLog

2007-09-04 : Initial release

Feedback

http://www.claroline.net/forum/

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.