54 matches found
EUVD-2018-21625
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
CVE-2018-25170
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
CVE-2018-25170 DoceboLMS 1.2 SQL Injection via lesson.php
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
CVE-2018-25170 DoceboLMS 1.2 SQL Injection via lesson.php
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
CVE-2018-25170
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...
CVE-2018-25170
CVE-2018-25170 affects DoceboLMS 1.2. An SQL injection enables unauthenticated attackers to manipulate queries by injecting SQL through lesson.php parameters id, idC, and idU via GET requests to retrieve sensitive data. The connected sources confirm the vulnerability and affected workflow but do ...
EUVD-2005-4089
Malware in sbrugna...
EUVD-2011-3684
Malware in sbrugna...
EUVD-2011-5035
Malware in sbrugna...
CVE-2011-3726
DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files...
SUSE CVE-2005-4095
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command...
DoceboLMS 1.2 Shell Upload / SQL Injection
Exploit Title: DoceboLMS 1.2 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload Vulnerabilities
Exploit for php platform in category web applications Exploit Title: DoceboLMS 1.2 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...
DoceboLMS 1.2 - SQL Injection Arbitrary File Upload
DoceboLMS 1.2 - SQL Injection Arbitrary File Upload Exploit Title: DoceboLMS 1.2 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
Exploit Title: DoceboLMS 1.2 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...
DoceboLMS 4.0.4 - Multiple Stored XSS Vulnerabilities
No description provided by source. !-- DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities Vendor: Docebo Product web page: http://www.docebo.org Affected version: 4.0.4 CE Summary: DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets...
DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability
No description provided by source. Vulnerable Script: Docebo LMS 2.05 Discovered: beford xbefordx gmail com Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include$GET'lang'.'/language.php'; doceboLMS205/modules/credits/credits.php =...
Docebo LMS <= 4.0.4 - (messages) Remote Code Execution
No description provided by source. ?php / Docebo LMS = v4.0.4 messages remote code execution exploit vendor: http://www.docebo.com/ software link: http://www.docebo.com/community/doceboCms/ author: mrme::rwx kru email: steventhomasseeley!gmail!com We must become the change we want to see in the...
DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit
No description provided by source. ?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: This is called, using the conquered...
DoceboLMS 2.0.x Lang Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include...