Vulnerabilities > Dokeos

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2012-5776 Cross-site Scripting vulnerability in Dokeos 2.1.1
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
network | dokeos CWE-79 | risk 3.5
2013-12-05 CVE-2013-6341 SQL Injection vulnerability in Dokeos 2.0/2.1
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
network | low complexity | dokeos CWE-89 | risk 7.5
2009-06-08 CVE-2009-2009 Cross-Site Scripting vulnerability in Dokeos 1.8.5
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
network | dokeos CWE-79 | risk 4.3
2009-06-08 CVE-2009-2008 SQL Injection vulnerability in Dokeos 1.8.5
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
network | dokeos CWE-89 | risk 6.8
2009-06-08 CVE-2009-2007 Path Traversal vulnerability in Dokeos 1.8.5
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a ..
network | low complexity | dokeos CWE-22 | risk 5.0
2009-06-08 CVE-2009-2006 Cross-Site Scripting vulnerability in Dokeos 1.8.5
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php.
network | high complexity | dokeos CWE-79 | risk 2.6
2009-06-08 CVE-2009-2005 Cross-Site Request Forgery (CSRF) vulnerability in Dokeos 1.8.5
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
network | dokeos CWE-352 | risk 6.8
2009-06-08 CVE-2009-2004 SQL Injection vulnerability in Dokeos 1.8.5
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
network | low complexity | dokeos CWE-89 | risk 7.5
2008-07-30 CVE-2008-3363 Path Traversal vulnerability in Dokeos E-Learning System 1.8.5
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
network | low complexity | dokeos CWE-22 | risk 7.5
2008-03-10 CVE-2008-1223 Remote Code Execution and Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
network | low complexity | dokeos | risk 7.5