Dokeos : Security Vulnerabilities, CVEs, (Sql injection) CVSS score >= 1
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-12-05
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
Max CVSS
6.8
EPSS Score
0.24%
Published
2009-06-08
Updated
2017-08-17
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
Max CVSS
7.5
EPSS Score
0.35%
Published
2009-06-08
Updated
2017-08-17
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
Max CVSS
7.5
EPSS Score
0.48%
Published
2008-02-21
Updated
2018-10-15
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
Max CVSS
7.5
EPSS Score
0.63%
Published
2007-05-30
Updated
2017-10-11
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
Max CVSS
7.5
EPSS Score
0.21%
Published
2007-05-30
Updated
2017-10-11
6 vulnerabilities found