Computer Security
[EN] securityvulns.ru



Related information

  PHP, ASP, CGI web applications security vulnerabilities

  [SA15736] amaroK Web Frontend Exposure of User Credentials

  [SA15738] Contelligent Preview Privilege Escalation Vulnerability

  [SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure

  [SA15705] ATutor Cross-Site Scripting Vulnerabilities

From: Sieg Fried <siegfri3d_(at)_gmail.com>
Date: 16.06.2005
Subject: [Full-disclosure] Dokeos - Multiple Vulnerabilities

2 months ago we published an advisory about the Claroline application:
http://www.zone-h.org/advisories/read/id=7472

Dokeos (www.dokeos.com) 1.5.5 has the same vulnerabilities as
Claroline because it was based on it, but not all of them:
there are 3 file inclusion vulnerabilities, and some of the directory
traversal, SQL injection and XSS vulnerabilities that we reported in
Claroline (didn't check more).
Previous versions are probably also affected.
We mailed the Dokeos staff (www.dokeos.com) on the same day (22/04).
The vendor has now confirmed that all the vulnerabilities are fixed in
version 1.6 RC2 which is available here:
http://www.dokeos.com/download.php
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


