Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2008-0850

Published: 21/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 770
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Dokeos

Vulnerability Summary

Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.

Vulnerable Product Search on Vulmon Subscribe to Product

dokeos dokeos 1.8.4

Exploits

Exploit DB: Dokeos 1.8.4 - '/main/create_course/add_course.php?tutor_name' SQL Injection
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of th ...
Exploit DB: Dokeos 1.8.4 - 'whoisonline.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, ...
Exploit DB: Dokeos 1.8.4 - 'main/inc/lib/events.lib.inc.php' Referer HTTP Header SQL Injection
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the webserve ...
Exploit DB: Dokeos 1.8.4 - '/main/mySpace/index.php?tracking_list_coaches_column' SQL Injection
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the ...

References

CWE-89http://projects.dokeos.com/index.php?do=details&task_id=2218http://secunia.com/advisories/28974http://www.securityfocus.com/bid/27792http://www.securitytracker.com/id?1019425http://securityreason.com/securityalert/3687http://www.vupen.com/english/advisories/2008/0587http://www.securityfocus.com/archive/1/488314/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/31200/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook