Vulnerabilities > Dokeos

DATE CVE VULNERABILITY TITLE RISK
2006-05-10 CVE-2006-2286 Code Injection vulnerability in Dokeos and Dokeos Community Release
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.
network
dokeos CWE-94
6.8
6.8
2006-05-10 CVE-2006-2285 Remote File Include vulnerability in Claroline
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
network
high complexity
dokeos
5.1
5.1
2006-05-10 CVE-2006-2284 Remote File Include vulnerability in Claroline
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.
network
claroline dokeos
6.8
6.8
2005-08-17 CVE-2005-2598 Directory Traversal vulnerability in Dokeos
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.
network
low complexity
dokeos
5.0
5.0