Test Kennung:	1.3.6.1.4.1.25623.1.0.800628
Kategorie:	Web application abuses
Titel:	Claroline 'notfound.php' Cross-Site Scripting Vulnerability
Zusammenfassung:	The host is running Claroline and is prone to SQL Injection; Vulnerability.
Beschreibung:	Summary: The host is running Claroline and is prone to SQL Injection Vulnerability. Vulnerability Insight: The flaw is due to: - error in 'claroline/linker/notfound.php' which is not properly sanitising input data passed via the 'Referer' header, before being returned to the user. - error in 'group/group.php' which is not properly sanitising input data passed to the 'sort' parameter, before being used in an SQL query. Vulnerability Impact: Successful exploitation will allow attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: Claroline Version 1.8.11 and prior. Solution: Upgrade to the version version 1.8.12 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 34883 Common Vulnerability Exposure (CVE) ID: CVE-2009-1907 http://www.securityfocus.com/bid/34883 Bugtraq: 20090508 Claroline v.1.8.11 Cross-Site Scripting (Google Search) http://www.securityfocus.com/archive/1/503365/100/0/threaded http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html http://www.securitytracker.com/id?1022198 http://secunia.com/advisories/35019 XForce ISS Database: claroline-notfound-xss(50404) https://exchange.xforce.ibmcloud.com/vulnerabilities/50404
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.