CVE-2007-2901 - SQL Injection and Cross-Site Scripting vulnerability in Dokeos

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
dokeos
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.

Vulnerable Configurations

Part         Description  Count
Application  Dokeos       1

Exploit-Db

description: Dokeos <= 1.8.0 (my_progress.php course) Remote SQL Injection Exploit. CVE-2007-2901, CVE-2007-2902. Webapps exploit for php platform
file: exploits/php/webapps/3974.pl
id: EDB-ID:3974
last seen: 2016-01-31
modified: 2007-05-23
platform: php
port:
published: 2007-05-23
reporter: Silentz
source: https://www.exploit-db.com/download/3974/
title: Dokeos <= 1.8.0 my_progress.php course Remote SQL Injection Exploit
type: webapps