Vulnerability Description
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokeos | Dokeos | <= 1.6 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html
- http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html
- http://secunia.com/advisories/16407Vendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html
- http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html
- http://secunia.com/advisories/16407Vendor Advisory
FAQ
What is CVE-2005-2598?
CVE-2005-2598 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to clarolin...
How severe is CVE-2005-2598?
CVE-2005-2598 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2598?
Check the references section above for vendor advisories and patch information. Affected products include: Dokeos Dokeos.