Description
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (3.1.26)
WordPress Plugin Booking Calendar SQL Injection (8.4.4)
WordPress Plugin Swipe Checkout for WooCommerce Cross-Site Scripting (2.7.1)
OpenSSL Out-of-bounds Write Vulnerability (CVE-2017-3737)
WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.2.6)