cbcvebase.

Dokeos Open Source Learning And Knowledge Management Tool vulnerabilities

6 known vulnerabilities affecting dokeos/open_source_learning_and_knowledge_management_tool.

Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2007-2889P3HIGHCVSS 7.5PoCv1.4v1.5+7 more2007-05-30
CVE-2007-2889 [HIGH] CVE-2007-2889: SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote atta SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
nvd
CVE-2006-4844P3MEDIUMCVSS 5.1PoCv1.4v1.5+7 more2006-09-19
CVE-2006-4844 [MEDIUM] CWE-94 CVE-2006-4844: PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earli PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
nvd
CVE-2006-2285P3MEDIUMCVSS 5.1PoCv1.4v1.5+5 more2006-05-10
CVE-2006-2285 [MEDIUM] CVE-2006-2285: PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to e PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
nvd
CVE-2007-6574P4MEDIUMCVSS 4.3PoCv1.4v1.5+7 more2007-12-28
CVE-2007-6574 [MEDIUM] CWE-79 CVE-2007-6574: Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attacke Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
nvd
CVE-2008-1223P3HIGHCVSS 7.5v1.8.42008-03-10
CVE-2008-1223 [HIGH] CVE-2008-1223: Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2008-1222P4MEDIUMCVSS 4.3v1.8.42008-03-10
CVE-2008-1222 [MEDIUM] CWE-79 CVE-2008-1222: Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to injec Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
Dokeos Open Source Learning And Knowledge Management Tool vulnerabilities | cvebase