SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
docebo docebo 3.0.4 |
||
docebo docebo 3.5_beta |
||
docebo docebo 3.0.3 |
||
docebo docebo 3.0.5 |
||
docebo docebo |