Vulnerabilities > Dokeos > High

DATE CVE VULNERABILITY TITLE RISK
2013-12-05 CVE-2013-6341 SQL Injection vulnerability in Dokeos 2.0/2.1
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
network
low complexity
dokeos CWE-89
7.5
2009-06-08 CVE-2009-2004 SQL Injection vulnerability in Dokeos 1.8.5
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
network
low complexity
dokeos CWE-89
7.5
2008-07-30 CVE-2008-3363 Path Traversal vulnerability in Dokeos E-Learning System 1.8.5
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
network
low complexity
dokeos CWE-22
7.5
2008-03-10 CVE-2008-1223 Remote Code Execution and Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
dokeos
7.5
2008-02-21 CVE-2008-0850 SQL Injection vulnerability in Dokeos 1.8.4
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to whoisonline.php, (2) the tracking_list_coaches_column parameter to main/mySpace/index.php, (3) the tutor_name parameter to main/create_course/add_course.php, (4) the Referer HTTP header to index.php, and (5) the X-Forwarded-For HTTP header to main/admin/class_list.php.
network
low complexity
dokeos CWE-89
7.5
2007-05-30 CVE-2007-2902 SQL-Injection vulnerability in Dokeos
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
network
low complexity
dokeos
7.5
2007-05-30 CVE-2007-2889 SQL Injection vulnerability in Dokeos CourseLog.PHP
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
network
low complexity
dokeos
7.5