Description
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
Remediation
References
Related Vulnerabilities
Moodle Improper Input Validation Vulnerability (CVE-2020-1756)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.35)
WordPress Plugin WP-ViperGB Cross-Site Scripting (1.3.15)
WordPress Plugin Easy Watermark Security Bypass (0.7.0)
WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.6)