Vulnerabilities > Dokeos > Open Source Learning AND Knowledge Management Tool > 1.6.rc2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-30 | CVE-2007-2889 | SQL Injection vulnerability in Dokeos CourseLog.PHP SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | 7.5 |
2006-09-19 | CVE-2006-4844 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | 5.1 |
2006-05-10 | CVE-2006-2285 | Remote File Include vulnerability in Claroline PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. | 5.1 |