Dokeos

Dokeos

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2012-5776

Exploit
  • EPSS 0.19%
  • Veröffentlicht 29.01.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 01:45:12

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.

7.5

CVE-2013-6341

Exploit
  • EPSS 0.92%
  • Veröffentlicht 05.12.2013 18:55:12
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

7.5

CVE-2009-2004

  • EPSS 0.71%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902...

6.8

CVE-2009-2005

Exploit
  • EPSS 0.17%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

2.6

CVE-2009-2006

  • EPSS 0.55%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content...

5

CVE-2009-2007

Exploit
  • EPSS 0.36%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_co...

6.8

CVE-2009-2008

  • EPSS 0.43%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.p...

4.3

CVE-2009-2009

  • EPSS 0.36%
  • Veröffentlicht 08.06.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to mai...

7.5

CVE-2008-0850

  • EPSS 1.33%
  • Veröffentlicht 21.02.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name paramete...

4.9

CVE-2007-6479

  • EPSS 4.86%
  • Veröffentlicht 20.12.2007 20:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double ex...