[VIM] Almost: claroline <= Multiple Remote File Include Vulnerablitiy

George A. Theall theall at tenablesecurity.com
Mon Apr 23 20:40:32 UTC 2007

Anyone else seem this (BID 23609)?


Looking at the code from 
http://www.e-learningone.it/software_free/e-learning/claroline175.zip, I 
don't see a file named 'rootSys' in 'claroline/inc/lib'. Nor does it 
seem like the flaw lies in the 'index.php' file in that directory -- it 
has one executable line of code:


There is, though, a file named 'export_exe_tracking.class.php' that is 
probably what he was talking about. Its first non-comment line is:


And the issue was corrected with some patches on 10 May 2006; ie,


theall at tenablesecurity.com

More information about the VIM mailing list