Vendor: Docebo
By: EgiX
CVSS: 7.5 (HIGH)
Type: Remote Command Execution
CWE: 89
Product Name: Docebo
Affected Version From: 3.5.0.3
Affected Version To: 3.5.0.3
Patch Exists: NO
Related CWE: N/A
CPE: docebo:docebo:3.5.0.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009
Docebo <= 3.5.0.3 (lib.regset.php) Remote Command Execution Exploit
lib.regset.php uses the value of the HTTP Accept-Language request header, unsanitized, in the SQL query at line 799 of the file. Because the header is fully attacker-controlled and needs no authentication, this is a pre-auth SQL injection (CWE-89). When the database account Docebo connects with holds the MySQL FILE privilege, the injection can be escalated with a SELECT ... INTO DUMPFILE statement to write attacker-supplied PHP into the Docebo web directory, which then executes when requested; that is what makes the issue a remote command execution rather than a data-disclosure bug. The escalation additionally requires that the web directory be writable by the mysqld process, since it is the database server, not the web server, that writes the file.
Mitigation:
Never place the Accept-Language header (or any other request header) directly into an SQL string. Validate it against the language-tag grammar (letters, digits and hyphens only) and pass the accepted value to the query as a bound parameter in a prepared statement. As defence in depth, run the application's database account without the FILE privilege and keep the web root unwritable by the database server process, so that an injection that does get through cannot be turned into a web shell.
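The pattern described in the advisory and in the mitigation above, as an added example that is not Docebo's code (the page does not show lib.regset.php or the table it queries; the table schema, the way the tag is extracted from the header, the file path and the PHP body are all hypothetical). It is written in Python over an in-memory SQLite table so that it runs offline: the vulnerable side concatenates the header into the query and shows how a tautology rewrites the WHERE clause and what a DUMPFILE-shaped query would look like (MySQL-only, so it is only built as a string here, never executed); the hardened side validates the tag and binds it as a parameter.

```python
import re
import sqlite3


# Constructed stand-in for the table the Docebo query consults; the real schema
# is not shown in the advisory, so this two-column table is hypothetical.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lang (code TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO lang VALUES (?, ?)",
        [("en", "English"), ("it", "Italiano"), ("de", "Deutsch")],
    )
    return conn


def primary_language(accept_language):
    """Take the first tag of the header with no validation at all.

    How lib.regset.php extracts the tag is not on the page; this is a
    hypothetical stand-in that shows the dangerous pattern (trusting a header).
    """
    return accept_language.split(",")[0].split(";")[0].strip()


def build_query_vulnerable(accept_language):
    # String concatenation: the header lands inside the SQL unescaped.
    return "SELECT name FROM lang WHERE code = '%s'" % primary_language(accept_language)


def lookup_vulnerable(conn, accept_language):
    """Run the concatenated query; a tautology payload returns every row."""
    return [row[0] for row in conn.execute(build_query_vulnerable(accept_language))]


# Shape of the escalation the advisory describes: on MySQL, an account holding
# FILE can SELECT ... INTO DUMPFILE into a directory that mysqld can write and
# the web server serves. Path and PHP body are hypothetical; SQLite has no
# DUMPFILE, so this string is only constructed here, never executed.
DUMPFILE_PAYLOAD = (
    "x' UNION SELECT '<?php eval($_POST[\"c\"]) ?>' "
    "INTO DUMPFILE '/var/www/docebo/x.php' -- "
)


# Hardened side: validate the header against the language-tag grammar, then
# bind the value as a parameter so it can never change the query's structure.
LANG_TAG = re.compile(r"^[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*$")


def parse_accept_language(header):
    """Return [(tag, q)] sorted by descending q; malformed tags and q=0 are dropped.

    The '*' wildcard is deliberately not accepted; callers fall back to a default.
    """
    out = []
    for part in header.split(","):
        pieces = [p.strip() for p in part.split(";")]
        tag = pieces[0]
        if not LANG_TAG.match(tag):
            continue  # quotes, spaces, SQL keywords: rejected before any SQL is built
        q = 1.0
        for param in pieces[1:]:
            if param.startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0
        if 0.0 < q <= 1.0:
            out.append((tag.lower(), q))
    out.sort(key=lambda item: -item[1])  # stable sort: header order breaks ties
    return out


def lookup_safe(conn, accept_language):
    """Look up the first acceptable language using a bound parameter."""
    for tag, _q in parse_accept_language(accept_language):
        primary = tag.split("-")[0]
        row = conn.execute("SELECT name FROM lang WHERE code = ?", (primary,)).fetchone()
        if row:
            return row[0]
    return None


if __name__ == "__main__":
    db = setup_db()
    print(lookup_vulnerable(db, "it"))                 # ['Italiano']
    print(lookup_vulnerable(db, "x' OR 'a'='a"))       # every row: the WHERE clause was rewritten
    print(build_query_vulnerable(DUMPFILE_PAYLOAD))    # the query a MySQL backend would receive
    print(lookup_safe(db, "de-DE,de;q=0.8,en;q=0.5"))  # Deutsch
    print(lookup_safe(db, "x' OR 'a'='a"))             # None: tag rejected, no query run
```

The validation step alone would stop this particular payload, but the bound parameter is what makes the lookup safe regardless of what future code passes in; the two belong together. Stripping the FILE privilege from the application's database account removes the DUMPFILE escalation even if a different injection is found later.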