CVE-2022-37160
- Source
- https://cve.org/CVERecord?id=CVE-2022-37160
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37160.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-37160
- Published
- 2022-08-25T16:29:01Z
- Modified
- 2026-05-18T05:54:01.676107591Z
- Summary
- [none]
- Details
-
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
- Database specific
{ "cna_assigner": "mitre", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37160.json" }- References
Affected packages
Git / github.com/claroline/claroline
Affected ranges
- Type
- GIT
- Repo
- https://github.com/claroline/claroline
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "13.5.7" } ] }
Affected versions
13.*
13.0.10
13.0.11
13.0.12
13.0.13
13.0.14
13.0.15
13.0.16
13.0.17
13.0.18
13.0.19
13.0.2
13.0.20
13.0.21
13.0.22
13.0.23
13.0.24
13.0.25
13.0.26
13.0.27
13.0.28
13.0.29
13.0.3
13.0.30
13.0.31
13.0.32
13.0.33
13.0.34
13.0.35
13.0.36
13.0.37
13.0.38
13.0.39
13.0.4
13.0.40
13.0.41
13.0.42
13.0.43
13.0.44
13.0.45
13.0.46
13.0.5
13.0.6
13.0.7
13.0.8
13.0.9
13.1.0
13.1.1
13.1.2
13.1.3
13.1.4
13.3.0
13.4.0
13.4.1
13.4.2
13.4.3
13.5.0
13.5.1
13.5.2
13.5.3
13.5.4
13.5.5
13.5.6
13.5.7