Dokeos Security Vulnerabilities and Issues — Dokeos CVE List

Lucene search

DokeosDokeos

16 matches found

CVE•added 2006/05/10 2:14 a.m.•49 views

CVE-2006-2284

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.

6.8CVSS7.5AI score0.09381EPSS

CVE•added 2006/05/10 2:14 a.m.•45 views

CVE-2006-2286

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_pat...

6.8CVSS7.7AI score0.01112EPSS

CVE•added 2008/02/21 12:44 a.m.•45 views

CVE-2008-0850

Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) R...

7.5CVSS8.5AI score0.01329EPSS

CVE•added 2013/12/05 6:55 p.m.•39 views

CVE-2013-6341

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

7.5CVSS8.4AI score0.01684EPSS

CVE•added 2009/06/08 7:30 p.m.•38 views

CVE-2009-2008

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

6.8CVSS8.6AI score0.00545EPSS

CVE•added 2009/06/08 7:30 p.m.•37 views

CVE-2009-2006

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action;...

2.6CVSS5.8AI score0.00545EPSS

CVE•added 2007/05/30 10:30 a.m.•36 views

CVE-2007-2901

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.

4.3CVSS5.8AI score0.0512EPSS

CVE•added 2007/05/30 10:30 a.m.•36 views

CVE-2007-2902

SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.

7.5CVSS7.8AI score0.00335EPSS

CVE•added 2009/06/08 7:30 p.m.•35 views

CVE-2009-2004

Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.

7.5CVSS8.6AI score0.00706EPSS

CVE•added 2020/01/29 3:15 p.m.•34 views

CVE-2012-5776

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.

5.4CVSS5.3AI score0.00191EPSS

CVE•added 2006/07/28 11:4 p.m.•33 views

CVE-2006-3924

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS6AI score0.00333EPSS

CVE•added 2005/08/17 4:0 a.m.•31 views

CVE-2005-2598

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to cla...

5CVSS7.5AI score0.00291EPSS

CVE•added 2009/06/08 7:30 p.m.•30 views

CVE-2009-2005

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

6.8CVSS7.4AI score0.00172EPSS

CVE•added 2009/06/08 7:30 p.m.•30 views

CVE-2009-2007

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a ....

5CVSS7.1AI score0.00358EPSS

CVE•added 2007/12/20 8:46 p.m.•29 views

CVE-2007-6479

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI...

4.9CVSS7AI score0.02787EPSS

CVE•added 2009/06/08 7:30 p.m.•28 views

CVE-2009-2009

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.

4.3CVSS6AI score0.00357EPSS