Vulnerability Details CVE-2006-0411
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/18588
- http://www.securityfocus.com/archive/1/422482
- http://www.securityfocus.com/bid/16341
- http://www.vupen.com/english/advisories/2006/0320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24326
- http://secunia.com/advisories/18588
- http://www.securityfocus.com/archive/1/422482
- http://www.securityfocus.com/bid/16341
- http://www.vupen.com/english/advisories/2006/0320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24326