Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning
Victor Manuel Mtz wrote:
> * Package name : Claroline
> Version : 1.7.8
> Upstream Author : Lederer Guillaume <guillaume@claroline.net>
> * URL : http://www.claroline.net
> * License : GPL
> Description : Course Management System for Online Learning
>
> Claroline is a free application based on PHP/MySQL allowing teachers or
> education organizations to create and administrate courses through the
> web.
>
> Developed from teachers to teachers, Claroline is built over sound
> pedagogical principles allowing a large variety of pedagogical setup
> including widening of traditional classroom and online collaborative
> learning.
However, it also seems to be built over unsound web programming principles
allowing a large variety of security exploits including widening of
SQL queries and online collaborative cross-site-scripting.
(CVE-2006-3257, CVE-2006-2868, CVE-2006-2284, CVE-2006-1596, CVE-2006-1595,
CVE-2006-1594, CVE-2006-0411, CVE-2005-1377, CVE-2005-1376, CVE-2005-1375,
CVE-2005-1374 and possibly more, I stopped digging deeper)
I don't think this should enter the archive.
Cheers,
Moritz
Reply to: