Shodan
Vulnerabilities
Vulnerable Software
Dokeos:  Security Vulnerabilities
CVE-2012-5776
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-01-29
CVE-2013-6341
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVSS Score
7.5
EPSS Score
0.017
Published
2013-12-05
CVE-2009-2004
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
CVSS Score
7.5
EPSS Score
0.007
Published
2009-06-08
CVE-2009-2005
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
CVSS Score
6.8
EPSS Score
0.002
Published
2009-06-08
CVE-2009-2006
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.
CVSS Score
2.6
EPSS Score
0.005
Published
2009-06-08
CVE-2009-2007
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-06-08
CVE-2009-2008
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
CVSS Score
6.8
EPSS Score
0.004
Published
2009-06-08
CVE-2009-2009
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-06-08
CVE-2008-3363
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
CVSS Score
7.5
EPSS Score
0.062
Published
2008-07-30
CVE-2008-1222
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2008-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved