Docebolms : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Max CVSS
4.3
EPSS Score
0.15%
Published
2006-12-31
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
Max CVSS
7.5
EPSS Score
14.44%
Published
2006-05-30
Updated
2018-10-18
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
Max CVSS
5.0
EPSS Score
1.55%
Published
2005-12-08
Updated
2017-07-20
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
Max CVSS
7.5
EPSS Score
1.74%
Published
2005-12-08
Updated
2017-07-20
4 vulnerabilities found