CVE-2007-4742

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
Configurations

Configuration 1

cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*

Information

Published : 2007-09-06 07:17

Updated : 2012-10-30 02:56


NVD link : CVE-2007-4742

Mitre link : CVE-2007-4742

Products Affected
No products.
CWE