claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 82.7%