CVE-2006-2577
Published 2006-05-24
Priority: P4 · 30 · medium · CVSS 2.0: 5.1
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.41% (82.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| docebo | docebo | <= 3.0.3 | — |
| docebo | docebo | — | — |
GHSA
GHSA-rcf3-4fjx-gj97: Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-6963 [MEDIUM] GHSA-rcf3-4fjx-gj97: Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577.
GHSA
GHSA-8w59-jvm9-p4r4: Multiple PHP remote file inclusion vulnerabilities in Docebo 3
ghsa_unreviewed·2022-05-01
CVE-2006-2577 [MEDIUM] GHSA-8w59-jvm9-p4r4: Multiple PHP remote file inclusion vulnerabilities in Docebo 3
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.