Vendor: Docebo
By: Andrea Fabrizi
CVSS: 7.5 (HIGH)
CWE: SQL-Injection
Product Name: Docebo
Affected Version From: 3.6.0.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple SQL-Injection Vulnerabilities
The Docebo application version 3.6.0.3 is affected by multiple SQL-Injection vulnerabilities. These vulnerabilities allow an attacker to execute arbitrary SQL queries against the application's database, potentially leading to unauthorized access to or modification of data.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input validation and parameterized queries to prevent SQL-Injection attacks. Additionally, keeping the application up to date with the latest security patches and versions can help protect against known vulnerabilities.