{"id":"CVE-2022-37160","details":"Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.","modified":"2026-05-18T05:54:01.676107591Z","published":"2022-08-25T16:29:01Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37160.json"},"references":[{"type":"WEB","url":"https://github.com/matthieu-hackwitharts/claroline-CVEs/blob/main/csrf/csrf.md"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/37xxx/CVE-2022-37160.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37160"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/claroline/claroline","events":[{"introduced":"0"},{"last_affected":"37f16236677fb445c95d0000bb1fbd2ba5063a44"}],"database_specific":{"cpe":"cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"13.5.7"}]}}],"versions":["13.5.7","13.5.6","13.5.5","13.5.4","13.5.3","13.5.2","13.5.1","13.5.0","13.4.3","13.4.2","13.4.1","13.4.0","13.3.0","13.1.4","13.1.3","13.1.2","13.1.1","13.1.0","13.0.46","13.0.45","13.0.44","13.0.43","13.0.42","13.0.41","13.0.40","13.0.39","13.0.38","13.0.37","13.0.36","13.0.35","13.0.34","13.0.33","13.0.32","13.0.31","13.0.30","13.0.29","13.0.28","13.0.27","13.0.26","13.0.25","13.0.24","13.0.23","13.0.22","13.0.21","13.0.20","13.0.19","13.0.18","13.0.17","13.0.16","13.0.15","13.0.14","13.0.13","13.0.12","13.0.11","13.0.10","13.0.9","13.0.8","13.0.7","13.0.6","13.0.5","13.0.4","13.0.3","13.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37160.json"}}],"schema_version":"1.7.5"}