TITLE: Dokeos File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA19576 VERIFY ADVISORY: http://secunia.com/advisories/19576/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Dokeos Community Release 2.x http://secunia.com/product/9282/ Dokeos 1.x http://secunia.com/product/4508/ DESCRIPTION: Two vulnerabilities have been discovered in Dokeos, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "rootSys" parameter in "claroline/exercice/testheaderpage.php" and the "clarolineRepositorySys" parameter in "claroline/resourcelinker/resourcelinker.inc.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. The vulnerabilities have been confirmed in Dokeos 1.6.3 and have also been reported in prior versions. The vulnerabilities have also been reported in Dokeos Community Release 2.0.2 and prior. SOLUTION: Update to Dokeos 1.6.4 / Dokeos Community Release 2.0.3. http://www.dokeos.com/download.php PROVIDED AND/OR DISCOVERED BY: First found by unknown person and exploited in the wild. Then reported to the vendor by vianney. ORIGINAL ADVISORY: http://www.dokeos.com/forum/viewtopic.php?t=6848 http://www.dokeos.com/wiki/index.php/Security ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------