matthieu-hackwitharts/claroline-CVEs

claroline-CVEs

This repo describes several vulnerabilities found in the Claroline Connect app, in its current version: 13.5.7


RCE via arbitrary file upload (CVE-2022-37159): https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/rce/rce_file_upload.md

'Location' stored XSS (CVE-2022-37162): https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/calendar_xss/calendar_xss.md

Admin account takeover (CSRF) via XSS because of arbitrary file upload (CVE-2022-37160): https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md

Stored XSS via SVG file upload (CVE-2022-37161): https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/svg_xss/svg_xss.md
