CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1375

HIGH
7.5
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile43.54th
PublishedMay 3, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

Affected Platforms (CPE)

πŸ“¦
Claroline

Claroline

= 1.5.3
πŸ“¦
Claroline

Claroline

= 1.6_beta
πŸ“¦
Claroline

Claroline

= 1.6_rc1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=111464607103407&w=2
πŸ”— http://secunia.com/advisories/15161
πŸ”— http://secunia.com/advisories/15725
πŸ”— http://securitytracker.com/id?1013822
πŸ”— http://www.claroline.net/news.php#85
πŸ”— http://www.securityfocus.com/bid/13407
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/20298
πŸ”— http://marc.info/?l=bugtraq&m=111464607103407&w=2

Related Vulnerabilities

CVE-2008-082410.0

Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.

CVE-2006-041110.0

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote atta...

CVE-2005-13767.5

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Can...

CVE-2005-13777.5

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow ...