DoceboLMS is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
DoceboLMS suffers from multiple stored XSS vulnerabilities, both pre- and post-authentication. Input passed through the POST parameters 'name', 'code' and 'title' in index.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site. URI-based XSS vulnerabilities are also present.
Docebo 3.0.3 / DoceboCMS, DoceboKms, DoceboLms, DoceboCore, DoceboScs are vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.
DoceboLMS 1.2 is vulnerable to SQL Injection and Arbitrary File Upload. An attacker can exploit these vulnerabilities to gain access to the system and execute malicious code.