VYPR
Unrated severity · NVD Advisory · Published Sep 6, 2007 · Updated Jun 16, 2026

CVE-2007-4742

Description

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.

Affected products

2
  • cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:* (range: <=1.8.5)
  • (no CPE) (range: <1.8.6)

References

3
