Docebo

Docebo

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-31361

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.06.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 07:04:24

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

8.8

CVE-2022-31362

Exploit
  • EPSS 0.61%
  • Veröffentlicht 23.06.2022 17:15:13
  • Zuletzt bearbeitet 21.11.2024 07:04:24

Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

7.5

CVE-2009-4742

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.03.2010 20:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw a...

7.5

CVE-2008-7153

Exploit
  • EPSS 0.94%
  • Veröffentlicht 02.09.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to...

5

CVE-2008-7154

Exploit
  • EPSS 4.84%
  • Veröffentlicht 02.09.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5...

4.3

CVE-2007-1240

Exploit
  • EPSS 1.85%
  • Veröffentlicht 03.03.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframech...

6.8

CVE-2006-6957

Exploit
  • EPSS 1.06%
  • Veröffentlicht 29.01.2007 16:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this...

7.5

CVE-2006-6963

  • EPSS 1.78%
  • Veröffentlicht 29.01.2007 16:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. ...

5.1

CVE-2006-3107

Exploit
  • EPSS 1.09%
  • Veröffentlicht 21.06.2006 01:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php ...

5.1

CVE-2006-2576

  • EPSS 12.84%
  • Veröffentlicht 24.05.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelis...