2 matches found
CVE-2008-3363
Affected software: Dokeos E-Learning System 1.8.5 (Windows). Vulnerable component: user_portal.php; issue: directory traversal leading to local file inclusion in include parameter. Root cause: insufficient sanitization of user input. Impact (as stated): remote attacker can view local files or exe...
CVE-2008-0851
CVE-2008-0851 affects Dokeos 1.8.4 with multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script/HTML via (1) username in inscription.php, (2) courseCode in main/calendar/myagenda.php, (3) category in main/admin/course_category.php, (4) message in main...