Published: 05/12/2013 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote malicious users to execute arbitrary SQL commands via the language parameter to index.php.

Affected Products

Vendor Product Versions
DokeosDokeos2.0, 2.1, 2.2


Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Version(s): 22 RC2 and probably prior Tested Version: 22 RC2 Advisory Publication: October 30, 2013 [without technical details] Vendor Notification: October 30, 2013 Public Disclosure: November 27, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2013-6341 Risk ...

Mailing Lists

Dokeos version 22 RC2 suffers from a remote SQL injection vulnerability ...