VYPR
Unrated severityNVD Advisory· Published Jan 25, 2006· Updated Jun 16, 2026

CVE-2006-0411

CVE-2006-0411

Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Affected products

2
  • cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*
    • (no CPE)range: =1.7.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.