Description
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-2733)
Joomla! Core 3.x.x Multiple Vulnerabilities (3.4.4 - 3.6.3)
IBM RTC Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-29786)
WordPress Plugin RSVPmaker Excel Cross-Site Scripting (1.1)
WordPress Plugin BuddyPress Customer.io Analytics Integration Cross-Site Request Forgery (1.1.6)