Dokeos Open Source Learning And Knowledge Management Tool vulnerabilities
6 known vulnerabilities affecting dokeos/open_source_learning_and_knowledge_management_tool.
Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2007-2889P3HIGHCVSS 7.5PoCv1.4v1.5+7 more2007-05-30
CVE-2007-2889 [HIGH] CVE-2007-2889: SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote atta
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
nvd
CVE-2006-4844P3MEDIUMCVSS 5.1PoCv1.4v1.5+7 more2006-09-19
CVE-2006-4844 [MEDIUM] CWE-94 CVE-2006-4844: PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earli
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
nvd
CVE-2006-2285P3MEDIUMCVSS 5.1PoCv1.4v1.5+5 more2006-05-10
CVE-2006-2285 [MEDIUM] CVE-2006-2285: PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to e
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
nvd
CVE-2007-6574P4MEDIUMCVSS 4.3PoCv1.4v1.5+7 more2007-12-28
CVE-2007-6574 [MEDIUM] CWE-79 CVE-2007-6574: Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attacke
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
nvd
CVE-2008-1223P3HIGHCVSS 7.5v1.8.42008-03-10
CVE-2008-1223 [HIGH] CVE-2008-1223: Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2008-1222P4MEDIUMCVSS 4.3v1.8.42008-03-10
CVE-2008-1222 [MEDIUM] CWE-79 CVE-2008-1222: Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to injec
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd