Vulnerabilities > Docebo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-31362 | Unrestricted Upload of File with Dangerous Type vulnerability in Docebo 4.0.5 Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. | 8.8 |
| 2010-03-26 | CVE-2009-4742 | SQL Injection vulnerability in Docebo 3.6.0.3 Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php. | 7.5 |
| 2009-09-02 | CVE-2008-7153 | SQL Injection vulnerability in Docebo SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. | 7.5 |
| 2007-01-29 | CVE-2006-6963 | Remote Security vulnerability in Docebo 3.0.3 Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. | 7.5 |