Filtered by vendor Dokeos Subscriptions
Total 24 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-6341 1 Dokeos 1 Dokeos 2024-11-21 N/A
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2012-5776 1 Dokeos 1 Dokeos 2024-11-21 5.4 Medium
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
CVE-2009-2009 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
CVE-2009-2008 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
CVE-2009-2007 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.
CVE-2009-2006 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.
CVE-2009-2005 1 Dokeos 1 Dokeos 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
CVE-2009-2004 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
CVE-2008-3363 1 Dokeos 1 E-learning System 2024-11-21 N/A
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
CVE-2008-1223 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2024-11-21 N/A
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2008-1222 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0851 1 Dokeos 1 E-learning System 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
CVE-2008-0850 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
CVE-2007-6574 1 Dokeos 2 Open Source Learning And Knowledge Management, Open Source Learning And Knowledge Management Tool 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
CVE-2007-6479 1 Dokeos 1 Dokeos 2024-11-21 N/A
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
CVE-2007-2902 1 Dokeos 1 Dokeos 2024-11-21 N/A
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
CVE-2007-2901 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
CVE-2007-2889 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2024-11-21 N/A
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
CVE-2006-4844 2 Claroline, Dokeos 2 Claroline, Open Source Learning And Knowledge Management Tool 2024-11-21 N/A
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
CVE-2006-3924 1 Dokeos 1 Dokeos 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.