Lucene search
High-Tech BridgeHTB23181HistoryOct 30, 2013 - 12:00 a.m.
SQL Injection in Dokeos
2013-10-3000:00:00
High-Tech Bridge
www.htbridge.com
19
0.002 Low
EPSS
Percentile
55.8%
High-Tech Bridge Security Research Lab discovered vulnerability in Dokeos, which can be exploited to perform SQL Injection attacks.
- SQL Injection in Dokeos: CVE-2013-6341
The vulnerability exists due to insufficient validation of “language” HTTP GET parameter passed to “/index.php” script. A remote unauthenticated attacker can execute arbitrary SQL commands in application’s database and gain complete control over the vulnerable web application.
The following exploitation example displays version of MySQL server:
http://[host]/index.php?language=0%27%20UNION%20SELECT%201,2,3,4,version%28% 29,6,7,8%20–%202
Related
zdt
zdt
Dokeos 2.2 RC2 SQL Injection Vulnerability
2013-11-27 00:00:00
Dokeos 2.2 RC2 (index.php, language param) - SQL Injection Vulnerability
2013-12-03 00:00:00
exploitpack
exploitpack
Dokeos 2.2 RC2 - index.php?language SQL Injection
2013-12-03 00:00:00
securityvulns
securityvulns
SQL Injection in Dokeos
2013-12-09 00:00:00
nvd
nvd
CVE-2013-6341
2013-12-05 18:55:12
packetstorm
packetstorm
Dokeos 2.2 RC2 SQL Injection
2013-11-27 00:00:00
cvelist
cvelist
CVE-2013-6341
2013-12-05 18:00:00
cve
cve
CVE-2013-6341
2013-12-05 18:55:12
prion
prion
Sql injection
2013-12-05 18:55:00
openvas
openvas
Dokeos <= 2.2 RC2 'language' Parameter SQLi Vulnerability
2013-11-28 00:00:00
exploitdb
exploitdb
Dokeos 2.2 RC2 - 'index.php?language' SQL Injection
2013-12-03 00:00:00