Docebolms: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2006-12-31
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
CVSS Score
7.5
EPSS Score
0.086
Published
2006-05-30
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
CVSS Score
7.5
EPSS Score
0.015
Published
2005-12-08
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
CVSS Score
5.0
EPSS Score
0.113
Published
2005-12-08