CyberSec.Space Logo
Back to CVE Browser

CVE-2006-0411

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile39.96th
PublishedJan 25, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Affected Platforms (CPE)

πŸ“¦
Claroline

Claroline

= 1.7.2

References & Advisories

πŸ”— http://secunia.com/advisories/18588
πŸ”— http://www.securityfocus.com/archive/1/422482
πŸ”— http://www.securityfocus.com/bid/16341
πŸ”— http://www.vupen.com/english/advisories/2006/0320
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/24326
πŸ”— http://secunia.com/advisories/18588
πŸ”— http://www.securityfocus.com/archive/1/422482
πŸ”— http://www.securityfocus.com/bid/16341

Related Vulnerabilities

CVE-2008-082410.0

Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.

CVE-2005-13757.5

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attac...

CVE-2005-13767.5

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Can...

CVE-2006-52567.5

PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers...