CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-0411

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile39.96th
Published2006年1月25日
Last Modified2026年4月16日

Vulnerability Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Affected Platforms (CPE)

📦
Claroline

Claroline

= 1.7.2

References & Advisories

🔗 http://secunia.com/advisories/18588
🔗 http://www.securityfocus.com/archive/1/422482
🔗 http://www.securityfocus.com/bid/16341
🔗 http://www.vupen.com/english/advisories/2006/0320
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/24326
🔗 http://secunia.com/advisories/18588
🔗 http://www.securityfocus.com/archive/1/422482
🔗 http://www.securityfocus.com/bid/16341

相關漏洞威脅

CVE-2008-082410.0

Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.

CVE-2005-13757.5

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attac...

CVE-2005-13767.5

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Can...

CVE-2006-52567.5

PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers...